I’d like someone to explain this to me as I find this interesting. I have a tech background, but the OSI model is not something I’ve interacted with directly.
Some questions I come to think of:
1. Why did ESP32 make it closed?
2. What is it about the MAC layer in the OSI model that makes it so important whether this is closed or open source?
From the article: "security auditability", the possibility of features not supported, and making research into Wi-Fi networks with lots of nodes more affordable.
E.g. ESP32 is proprietary, but it doesn’t limit the connection to certain routers, but could it be made to be?
1. They might have used IP cores with a license that forbids disclosing any technical details, including the firmware implementation.
2. Manipulating RF registers could cause the device to operate outside of regulatory parameters, perhaps invalidating FCC certification for the whole device. By not disclosing how to use the MAC directly, they can claim they did their best to prevent the device from misbehaving.
Item 1 is certainly the case here. Espressif licensed most of their original IP from Tensilica, and this is completely normal for building a commercial microcontroller. If you don't have the in-house skill to build a complete WiFi radio stack from the ground up, you simply license the IP core and roll it into your product.
Nice work by the presenters here, it's a good idea and might help the community, but the current state is not the result of Espressif trying to be jerks.
There are many devices that can get uncapped (Yaesu handhelds for example) without losing FCC certification.
"uncapped"?
The second item has been trotted out for roughly two decades as an excuse for why router companies block open source firmwares.
In those two decades there's been no evidence the FCC or other regulatory bodies follow that theory, and no evidence that open source firmware causes "misbehavior."
Please stop talking about it like it's an issue. It isn't.
The chaos that surrounded the Flipper Zero clearly indicates that it is an issue.
People have been trying to shoehorn the Internet into the OSI model for decades. It's like the OSI supporters have waged a campaign to be relevant...and won.
It's a nice model, but once it gets above the phy layer it becomes sort of bad.
A huge part of the cost of developing a WiFi chip is in the firmware. WiFi is a complex set of protocols, and is especially tricky to implement in a low-RAM, low-compute, power-constrained device.
There is perhaps a 50/50 effort split between firmware and hardware design. Open source the firmware and suddenly an upstart competitor has only half the cost to market, and therefore could undercut you in price.
Just in case you didn't know, the OSI model is wrong. The world uses the "TCP/IP model" - there's no "presentation layer" for example.
I would argue that the higher layers of OSI become more abstract and blurry, but it’s not wrong per se. TLS maps fairly well (not perfectly) to presentation layer.
Then again, OSI works best as a descriptive model rather than prescriptive. Plenty of applications don’t follow the model at all. QUIC is largely an optimization by collapsing many functions that OSI models as separate layers into one monolithic thing.
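As an added illustration of the layering this sub-thread is arguing about (example code, not from any comment here or from the ESP32 firmware project): a small parser that walks a constructed Ethernet/IPv4/TCP/TLS frame layer by layer. It makes concrete that the MAC addresses a Wi-Fi chip's firmware deals with live only in the link-layer header, while the TLS record header (which the comment above maps to the presentation layer) is reached only after IP and TCP have been stripped. All addresses, ports and payload bytes are constructed sample values, and the layer names in the returned dict are the OSI labels used in the thread, not anything the frame itself carries.

```python
import struct

# Constructed sample MACs, not addresses from any real device.
SAMPLE_DST_MAC = bytes.fromhex("001122334455")
SAMPLE_SRC_MAC = bytes.fromhex("66778899aabb")


def build_sample_frame() -> bytes:
    """Assemble Ethernet II -> IPv4 -> TCP -> TLS record from constructed values."""
    tls_payload = bytes.fromhex("0100000403030000")  # 8 placeholder handshake bytes (constructed)
    tls_record = struct.pack("!BHH", 0x16, 0x0303, len(tls_payload)) + tls_payload
    # TCP: src port, dst port, seq, ack, data offset (5 words) << 4, flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 51234, 443, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip_total_len = 20 + len(tcp) + len(tls_record)
    ipv4 = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, ip_total_len, 0x1234, 0x4000, 64, 6, 0,   # ver/ihl, tos, len, id, DF, ttl, proto=TCP, csum
        bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]),  # private and documentation-range addresses
    )
    eth = SAMPLE_DST_MAC + SAMPLE_SRC_MAC + struct.pack("!H", 0x0800)  # EtherType 0x0800 = IPv4
    return eth + ipv4 + tcp + tls_record


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(frame: bytes) -> dict:
    """Walk the frame layer by layer, returning the fields each layer contributes."""
    layers = {}
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers["link"] = {"dst_mac": mac_str(frame[0:6]), "src_mac": mac_str(frame[6:12]),
                      "ethertype": ethertype}
    if ethertype != 0x0800:
        return layers  # not IPv4: nothing above the link layer that this parser understands
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 packet")
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("inconsistent IPv4 length fields")
    proto = ip[9]
    layers["network"] = {"src_ip": ".".join(map(str, ip[12:16])),
                         "dst_ip": ".".join(map(str, ip[16:20])),
                         "protocol": proto, "ttl": ip[8]}
    if proto != 6:
        return layers
    # Bound the segment by the IP total length so link-layer padding is never mistaken for payload.
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port, seq, ack, off_flags, flags = struct.unpack("!HHIIBB", tcp[:14])
    data_off = (off_flags >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    layers["transport"] = {"src_port": src_port, "dst_port": dst_port, "seq": seq, "flags": flags}
    payload = tcp[data_off:]
    # TLS record header: content type, version, length. Only inspected when it plausibly is TLS.
    if len(payload) >= 5 and payload[0] in (0x14, 0x15, 0x16, 0x17) and payload[1] == 0x03:
        ctype, version, rec_len = struct.unpack("!BHH", payload[:5])
        layers["presentation"] = {"content_type": ctype, "version": version, "record_len": rec_len,
                                  "complete": len(payload) - 5 >= rec_len}
    return layers


if __name__ == "__main__":
    for name, fields in parse_frame(build_sample_frame()).items():
        print(name, fields)
```

The length checks at each layer are the part worth copying: a parser that trusts the frame length instead of the IP total length will treat Ethernet padding as TCP payload, and one that trusts the IP length without bounding it by the buffer will read past the end of the frame.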
I'm also not a professional networking engineer, but overall an open core will allow:
Better interfacing and integration as a Wi-Fi chip on SBCs like the Raspberry Pi, potentially allowing faster rates and lower latencies on SPI or I2C buses.
Better security and possibly handling further standards than Espressif allows.
For example, you may implement WPA3 or WPA4 (if it comes out at some point) without needing to wait for Espressif to implement and release it themselves. Plus, they may never have the incentive to do so if a newer chip (ESP64?) comes out...
One big win might be power savings.
OSI MAC =/= WIFI MAC + PHY
It's just a local maximum of utility. Not a global ideal, but a pragmatic, useful solution. They could have delayed release for a century or two until a truly fair and open chip could be designed and fabricated, or you can get the chip today and complain about its pathetic proprietary nature along this long journey towards idealist heaven. The latter is way better.
Timely post with the vulnerability research this week? https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-...
This outfit has changed the term "backdoor" to mean "any undocumented feature". The findings reported are absolutely not a backdoor in any conventional usage of the term. One would need to flash their own code to the micro to make use of these features, which is the normal operating mode for any micro device.
This is nothing other than a security research team trying to get some attention by crying wolf.
That was related to Bluetooth. Interesting undocumented low level commands but it's a bit of a stretch to call it a vulnerability IMHO.
But having the whole stack open would just be better in general.
Correct. HN thread https://news.ycombinator.com/item?id=43301369
Not a vulnerability in the way that Tarlogic makes it sound. Disingenuous and misleading article for sure.
A good bunch of "security" articles have made the news look more like scareware to me in the past years.
This isn't a backdoor, it's just an undocumented debugger in the HCI stack. You still need a physical UART connection to the device AFAIK. The exact same type of connection you use to program and debug the device normally.
A list of other open source firmware:
https://wiki.debian.org/Firmware/Open
I was watching the 38c3 talk about this a few months ago, and just laughed seeing the recent news. Guess they have a good reason to be paranoid, hmm.
https://youtu.be/r8IqkUTGjlA