ESP32 Chip Vulnerability Report
ESP32 chips are designed and manufactured by Espressif Systems, based in Shenzhen, China, and are widely used in IoT devices, smart homes, wearables, industrial control, and some cryptocurrency hardware wallets, such as Blockstream Jade, which generates Bitcoin transaction signatures.
However, this chip has a problem with insufficient entropy in its random number generator (RNG), allowing anonymous attackers to potentially guess the private key pair through brute force attacks.
According to a report by the cybersecurity research agency Crypto Deep Tech, they have successfully exploited a faulty hashing mechanism in the ESP32 chip to forge transaction signatures and extract private keys. In fact, their white hat hackers have successfully decrypted the private key of a real Bitcoin wallet containing 10 Bitcoins.
Global Bitcoin self-governors and related enterprises are highly concerned about this vulnerability. The ESP32 chip is not only widely used in billions of devices but also has a broad range of security weaknesses that encompass various digital assets needing protection, from Bitcoin to personal data.
Unfortunately, these security flaws in the ESP32 have already been deeply embedded in countless network devices worldwide that rely on this chip, leading to rapid awareness and discussion within the cybersecurity community. Currently, white hat hackers and research teams continue to engage in “Responsible disclosure” and have marked this vulnerability as a potential attack vector that could be exploited by nation-state hackers.