In such a system, the ESP32 fully trusts the host. If an attacker maliciously gains control over the host system, they could potentially issue these debug commands to influence ESP32’s behavior. However, an attacker must first compromise the host device, making this a second-stage attack vector rather than a standalone vulnerability. Or, gain a physical access to the device to send the HCI commands over serial interface.

Does this even count as backdoor? Not really if you have to have access to the device in the first place.

https://www.youtube.com/watch?v=ndM369oJ0tk

Why do kill switches when you can just hog all the work of maintaining some critical part of the infrastructure and make it’s functioning and maintenance so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after. It doesn’t have to be malicious or illegal.

https://youtu.be/0jK0ytvjv-E

His efforts to sabotage their network began that year, and by the next year, he had planted different forms of malicious code, creating “infinite loops” that deleted coworker profile files, preventing legitimate logins and causing system crashes

I wish this guy was were actually politically motivated, but he seems to have been just really petty minded person.