Just reread it and no, it’s not a BT vulnerability. The “erase flash” command is something that has to be done by software running outside the BT stack. You can even see that inside the slides. The UsbBluetooth software is connected to the device with the flawed bluetooth chipset.

The vulnerability is that if you have this chipset and compromised software, someone can flash the chipset with compromised flash. They even say that it’s not an easy attack to pull off in the article.

In general, though, physical access to the device’s USB or UART interface would be far riskier and a more realistic attack scenario.

In otherwords, the attack is something that can only be pulled off if there’s also a security vulnerability within other parts of the hardware stack.

I just re-read the article and yes, you still need physical access.

The exploit is one that bypasses OS protections to writing to the firmware. In otherwords, you need to get the device to run a malicious piece of code or exploit a vulnerability in already running code that also interacts with the bluetooth stack.

The exploit, explicitly, is not one that can be carried out with a drive-by Bluetooth connection. You also need faulty software running on the device.

I think we are basically already there with ESPs :D.

Security wise, unless you are being specifically targeted by someone, you are almost certainly fine. And if you are being specifically targeted, I think someone hacking your ESPs is the least of your worries. A malicious attacker that knows your physical location can do a lot more scary things than just spying through ESPs.

You’re fine. This isn’t something that can be exploited over wifi. You literally need physical access to the device to exploit it as it’s commands over USB that allow flashing the chip.

This is a security firm making everything sound scary because they want you to buy their testing device.