This post refutes the claim that researchers found a "backdoor" in ESP32 Bluetooth chips. What the researchers highlight (vendor-specific HCI commands to read & write controller memory) is a common design pattern found in other Bluetooth chips from other vendors as well, such as Broadcom, Cypress, and Texas Instruments. Vendor-specific commands in Bluetooth effectively constitute a "private API", and a company's choice to not publicly document their private API does not constitute a "backdoor".
I mean, this doesn’t really change anything from a practical perspective. It just highlights that the verbiage in the press release was alarmist.
It’s still a security concern that most users will be unaware of.
Yes, in the sense that every device you own has these same commands.
The alarmism of the original was that this was somehow unique to the ESP32.
If your device has Bluetooth, it has these commands.