There's nothing to "fall for". Do you have specific evidence that refutes Espressif's rationale for why they believe it's not a security issue. No, a flawed car analogy doesn't count.
If you can break into the application running on an ESP32, you already have full access to RAM etc. The debug HCI commands will not give you any extra access.
Yes, security researchers are incentivized to make issues seem like more of a problem than they are, and vendors are incentivized to minimize them. In this case, though, the reality is much closer to Espressif's version.
If you can break into the application running on an ESP32, you already have full access to RAM etc. The debug HCI commands will not give you any extra access.
Yes, security researchers are incentivized to make issues seem like more of a problem than they are, and vendors are incentivized to minimize them. In this case, though, the reality is much closer to Espressif's version.