BlueID locking systems: Secure thanks to high-quality Nordic chips

“Our locking systems are not affected by ESP32 security vulnerabilities.”

In March 2025, reports of undocumented BluetoothHCI commands in Espressif's ESP32Chip were published, classified as a vulnerability (CVE202527840) and could theoretically allow manipulation of memory and firmware. However, these commands are only accessible via a wired HCI interface and require already acquired root privileges on the device – a remote attack via Bluetooth is impossible. BlueID locking systems use Nordic nRF52Chips (nRF52840/nRF52833).

ESP32Vulnerability in detail

• 29 hidden VendorSpecific HCI commands (e.g. 0xFC02 “Write memory”) provide direct access to RAM and flash.
• Prerequisites: physical access via UART/SPI and high privileges. No Over the Air Exploitability.
• According to Espressif, these commands are only for debugging purposes; future firmware updates will restrict access.

Nordic nRF52840 & nRF52833 Security Architecture

• Fully documented HCI commands; no hidden features.
• ARM TrustZone CryptoCell 310 for Root of Trust and Hardware-Accelerated Cryptography.
• Secure Boot with signed firmware verification and Authenticated DFU for updates.
• DebugInterface protected by APPROTECT; unauthorized access is only possible by complete deletion.
• Memory Protection Unit (MPU) and Access Control Lists (ACL) prevent unauthorized memory access.

Chipset Comparison

‍

Result

Thanks to our choice of high-quality Nordic chips, our customers can be confident that BlueID locking systems are not affected by the recently discovered ESP32 vulnerabilities. We remain true to our commitment to the highest safety standards and continue to rely on proven and safe technologies.