We’re not sure exactly what Tulip is, because it’s so many things all at once. It’s a music-making environment that’s programmable in Python, runs on your big computer or on an ESP32-S3 ...

With this feature provided by the ESP32-C3 SoC inside the device, the question was how secure it is. As it turns out not very secure, with [Aaron] covering the exploit in a Twitter thread.

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.