
Netizen: Monday Security Brief (3/10/2024)

Today’s Topics:

  • Hidden Commands in ESP32 Bluetooth Chip Could Enable Attacks on a Billion Devices
  • US Cities Warn of Surge in Parking Ticket Phishing Scams
  • How can Netizen help?

Hidden Commands in ESP32 Bluetooth Chip Could Enable Attacks on a Billion Devices

Security researchers have discovered undocumented commands in the ESP32 microchip, a widely used WiFi and Bluetooth-enabled microcontroller manufactured by Espressif. With over a billion devices using ESP32 chips as of 2023, the presence of these hidden commands raises serious security concerns. Potentially exploitable for spoofing trusted devices, unauthorized data access, and persistence on compromised networks, these vulnerabilities could have far-reaching implications for IoT security.

Spanish cybersecurity researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco from Tarlogic Security unveiled their findings at RootedCON in Madrid. Their research suggests that these undocumented ESP32 commands could enable attackers to impersonate trusted devices and establish long-term persistence on targeted systems.

“Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices,” Tarlogic shared in a statement.

The ability to exploit these hidden commands may allow threat actors to bypass authentication mechanisms and compromise sensitive devices, including smartphones, computers, smart locks, and even medical equipment.

The discovery of these undocumented commands presents multiple security threats:

  • Device Impersonation: Attackers could use the hidden commands to spoof legitimate devices, tricking networks and users into accepting them as trusted connections.
  • Unauthorized Data Access: Exploiting these commands may grant hackers access to sensitive data, potentially leading to data breaches or further compromises.
  • Pivoting to Other Devices: Once an attacker gains access to a compromised ESP32-based device, they could move laterally across a network, targeting additional connected systems.
  • Long-Term Persistence: The ability to exploit these commands could allow attackers to establish persistent access to compromised devices, making detection and remediation significantly more difficult.

Following the public disclosure of these undocumented ESP32 commands, Espressif and the broader security community have been prompted to investigate the issue further. While Espressif has yet to provide an official statement regarding the potential risks, researchers and security professionals are urging IoT device manufacturers to assess their reliance on ESP32-based components and implement mitigations where possible.

The discovery also underscores the importance of transparency in hardware security. Undocumented or unintended functionalities within widely used chips can introduce severe vulnerabilities, particularly in IoT environments where security controls are often weak.

Organizations and individuals using ESP32-based devices should take the following steps to mitigate potential risks:

  • Firmware Updates: Monitor Espressif’s official channels for firmware patches that address security concerns.
  • Network Segmentation: Isolate IoT devices on separate network segments to prevent unauthorized access to sensitive systems.
  • Device Auditing: Regularly inspect and monitor IoT devices for unusual activity that may indicate unauthorized access.
  • Authentication Enhancements: Strengthen authentication mechanisms to prevent unauthorized devices from gaining network access.
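The segmentation and auditing advice above is easier to act on when the segment's policy is written down and checked against traffic. The following is an added example, not code from the brief or from Netizen, Tarlogic or Espressif: it reads firewall-style flow records from an IoT segment and flags any device that reaches outside its allowed destinations, which is the kind of pivoting the article warns about. The subnets, the allowlist, the log format and the sample flows are all constructed assumptions for the example.

```python
import ipaddress
from collections import defaultdict

# Assumed policy for this example: the IoT segment and the only destinations
# its devices are expected to reach (a DNS resolver and a device-management host).
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_DESTINATIONS = {
    ipaddress.ip_network("10.20.0.0/24"),   # peers inside the IoT segment
    ipaddress.ip_network("10.0.0.53/32"),   # internal DNS resolver
    ipaddress.ip_network("10.0.0.80/32"),   # MQTT broker / device-management host
}
ALLOWED_PORTS = {53, 123, 443, 8883}

# Constructed flow records in an assumed format: "timestamp src:port -> dst:port proto".
SAMPLE_FLOWS = """\
2024-03-10T08:00:01 10.20.0.17:51234 -> 10.0.0.80:8883 tcp
2024-03-10T08:00:05 10.20.0.17:51235 -> 10.0.0.53:53 udp
2024-03-10T08:01:12 10.20.0.42:40001 -> 10.10.5.9:445 tcp
2024-03-10T08:01:13 10.20.0.42:40002 -> 10.10.5.9:22 tcp
2024-03-10T08:02:00 10.20.0.42:40003 -> 10.10.5.10:445 tcp
2024-03-10T08:02:30 10.30.0.5:5555 -> 10.10.5.9:445 tcp
""".splitlines()


def parse_flow(line):
    """Split one constructed flow record into its fields."""
    ts, src, _arrow, dst, proto = line.split()
    src_ip, _src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "ts": ts,
        "src": ipaddress.ip_address(src_ip),
        "dst": ipaddress.ip_address(dst_ip),
        "dport": int(dst_port),
        "proto": proto,
    }


def is_policy_violation(flow):
    """True when an IoT-segment device talks to a destination or port outside its allowlist."""
    if flow["src"] not in IOT_SEGMENT:
        return False  # the policy only governs sources inside the IoT segment
    dst_allowed = any(flow["dst"] in net for net in ALLOWED_DESTINATIONS)
    return not (dst_allowed and flow["dport"] in ALLOWED_PORTS)


def audit(lines):
    """Group policy violations by source device so a reviewer sees which device to inspect."""
    violations = defaultdict(list)
    for line in lines:
        flow = parse_flow(line)
        if is_policy_violation(flow):
            violations[str(flow["src"])].append((flow["ts"], str(flow["dst"]), flow["dport"]))
    return dict(violations)


if __name__ == "__main__":
    for device, hits in audit(SAMPLE_FLOWS).items():
        print(f"{device}: {len(hits)} flow(s) outside segment policy")
        for ts, dst, port in hits:
            print(f"  {ts} -> {dst}:{port}")
```

On the constructed input only 10.20.0.42 is reported: its three connections to file-sharing and SSH ports on another subnet are exactly what an isolated IoT device should never do, while 10.20.0.17 stays within the allowlist and 10.30.0.5 is outside the governed segment. In a real deployment the same policy would be enforced at the segment boundary and this check would run over the firewall's actual logs.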

US Cities Warn of Surge in Parking Ticket Phishing Scams

A widespread phishing campaign is targeting residents across multiple U.S. cities, tricking victims into paying fraudulent parking fines. These scam text messages claim to be from municipal parking violation departments, warning recipients of unpaid invoices and threatening additional daily fines. Authorities in cities such as New York, Boston, Detroit, and San Francisco have issued public warnings about this ongoing scam, urging residents to stay vigilant.

The phishing texts use fear and urgency to pressure victims into immediate action. A typical message states that the recipient has an outstanding parking violation and will be charged a $35 daily late fee if the fine is not paid immediately. The text includes a malicious link, directing victims to a fake payment portal designed to steal credit card details and personal information.

BleepingComputer received one such text targeting New York residents, which read:

“This is a final reminder from the City of New York regarding the unpaid parking invoice. A $35 daily overdue fee will be charged if payment is not made today.”

This same fraudulent template has been seen across multiple cities, using localized branding to make the scam appear legitimate.

Since the scam gained traction in December, numerous cities have reported an increase in phishing attempts. Warnings have been issued in:

  • Annapolis
  • Boston
  • Denver
  • Detroit
  • Houston
  • Milwaukee
  • Salt Lake City
  • Charlotte
  • San Diego
  • San Francisco

Local governments have advised residents not to click on suspicious links and to verify any outstanding parking violations directly through official city websites.

This phishing scam is part of a larger trend of social engineering attacks that exploit urgency and fear to trick individuals into disclosing sensitive information. If victims enter their payment details into the fraudulent site, attackers can steal their credit card information, personal data, and even use it for identity theft.

To avoid falling for these scams:

  1. Verify Directly with the City – Always check parking violations on official government websites rather than clicking on links in unsolicited messages.
  2. Look for Red Flags – Phishing messages often have generic greetings, grammatical errors, or unfamiliar links.
  3. Use Multi-Factor Authentication (MFA) – If your financial accounts support MFA, enable it to prevent unauthorized access.
  4. Report Suspicious Messages – If you receive a phishing text, report it to your city’s parking authority and your mobile carrier.
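The red flags listed above can be turned into a simple triage check. The following is an added example, not code from the brief or from any of the cities or BleepingComputer: it scores an incoming text on the signals the article describes (a link that does not point at the city's official domain, deadline language, and a payment demand with no official site to verify it). The list of official domains, the sample messages and the `.example` scam domain are constructed assumptions for the example; the first sample message mirrors the template quoted in the article.

```python
import re
from urllib.parse import urlparse

# Assumed for this example: the domains the recipient's city really uses for parking payments.
OFFICIAL_DOMAINS = {"nyc.gov", "boston.gov", "detroitmi.gov"}

# Full URLs or bare domains such as "nyc.gov/pay".
URL_RE = re.compile(r"https?://[^\s]+|\b[a-z0-9.-]+\.[a-z]{2,}(?:/[^\s]*)?", re.I)
# Deadline and pressure phrasing typical of the parking-fine template.
URGENCY_RE = re.compile(
    r"\b(final reminder|today|immediately|within 24 hours|overdue|will be charged)\b", re.I
)
MONEY_RE = re.compile(r"\$\s?\d+(?:\.\d{2})?")

# Constructed sample texts (the first follows the template quoted in the article).
SAMPLE_MESSAGES = [
    "This is a final reminder from the City of New York regarding the unpaid parking invoice. "
    "A $35 daily overdue fee will be charged if payment is not made today. "
    "Pay now: http://nyc-parking-pay.example/invoice",
    "Reminder: your NYC parking ticket can be reviewed at https://nyc.gov/parking-tickets. "
    "No action is required.",
    "Unpaid parking invoice. A $35 fee will be charged if not paid today.",
]


def extract_domains(text):
    """Return the hostnames of every link found in the message."""
    domains = []
    for match in URL_RE.findall(text):
        url = match.rstrip(".,)")
        if not url.lower().startswith("http"):
            url = "http://" + url
        host = urlparse(url).hostname or ""
        domains.append(host.lower())
    return domains


def is_official(host):
    """True when the host is an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def score_message(text):
    """Collect the red flags present in a text and decide whether it needs verification."""
    reasons = []
    domains = extract_domains(text)
    for host in domains:
        if not is_official(host):
            reasons.append(f"link to non-official domain {host}")
    if URGENCY_RE.search(text):
        reasons.append("urgency/deadline language")
    if MONEY_RE.search(text) and not any(is_official(h) for h in domains):
        reasons.append("payment demand not tied to an official site")
    suspicious = len(reasons) >= 2 or any(not is_official(h) for h in domains)
    return {"score": len(reasons), "reasons": reasons, "suspicious": suspicious}


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        result = score_message(msg)
        verdict = "VERIFY WITH THE CITY" if result["suspicious"] else "no red flags"
        print(f"[{verdict}] score={result['score']} {result['reasons']}")
```

The scam template trips all three signals, the legitimate message that links only to the official site trips none, and a text with a deadline and a dollar amount but no link at all is still flagged, because a real notice gives you an official place to check the claim. The scorer is a prompt to verify through the city's own website, as the article advises, not a substitute for doing so.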

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” in which companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.


Copyright © Netizen Corporation. All Rights Reserved.