The recent undocumented code in the ESP32 microchip, made by Chinese manufacturer Espressif Systems, is used in 1+ billion devices and could represent a cybersecurity risk. Its reveal by security researchers has kicked off a discussion - are they security vulnerabilities or just debug tools?

Any debug, test, or validation features should be removed or documented before they become available to customers.

https://open.substack.com/pub/matthewrosenquist/p/are-they-vulnerabilities-or-undocumented