| ▲ | ryukoposting 4 days ago |
| As someone who finally recently escaped Bluetooth firmware development: yes, Bluetooth is leaking secrets and it doesn't even require any silly RF shenanigans. Almost nothing actually implements LESC. Apple refuses to implement OOB pairing, so no peripherals can force you to use it, so everything is subject to MITM attacks. The entire ecosystem is a mess of consultants and underpaid devs copy-pasting Nordic sample code, with no time or financial incentive to do more than the bare minimum. Never trust any product that moves sensitive data through Bluetooth. |
|
| ▲ | 9029 3 days ago |
| Do you have an opinion on the keyboard firmware ZMK? They seem to use LESC but MITM during pairing is still a concern: https://zmk.dev/docs/features/bluetooth |
| ▲ | ryukoposting 3 days ago |
| It's a keyboard, I wouldn't fret about it. The idea that someone is going to steal your keystrokes to get your passwords is pretty moustache-twirly. I'm more concerned about card readers, medical devices, etc. |

| ▲ | wongarsu 3 days ago |
| I think we can safely assume that a device that does that for entire offices at once is in the NSA's current ANT catalog. And other state actors are probably not far behind. The only thing making these kinds of attacks unattractive is that most companies are too stingy to buy anything better than a cheap wired Logitech keyboard. |

| ▲ | imglorp 3 days ago |
| Isn't this kind of thing a trinket at Defcon these days, like the pineapple thing, or even a Flipper plugin? I.e. not super hard to get and not so much mustache. |

| ▲ | ryukoposting 3 days ago |
| The problem isn't the technology, it's all the surrounding logistics and incentives. Why hack a thing that few people use, and that you must collect data from for several minutes/hours/days, when you could hack something equally insecure that more people use, and provides more valuable data in less time? |

| ▲ | amitprayal a day ago |
| moustache-twirly implying highly improbable? |
|
| ▲ | matthewdgreen 4 days ago |
| Apple claims to have implemented an entire second security level for their Bluetooth apps based on iMessage, but I trust it not at all. (To be clear, I trust the iMessage protocol with reasonable confidence. I judge the probability that Apple has applied this extra layer of security uniformly to all sensitive data to be about 8%.) |
| ▲ | ggm 4 days ago |
| 8.75% surely? You need at least two digits of specious precision on that non-random number. |

| ▲ | cozzyd 3 days ago |
| More likely 8.333% I would think (1/12). The same probability of a broken clock yielding the correct hour. |

| ▲ | cozzyd 4 days ago |
| Text written with a non-Apple Bluetooth keyboard is green? |

| ▲ | hulitu 3 days ago |
| > Apple claims to have implemented an entire second security level for their Bluetooth apps based on iMessage, |
| iMessage... the golden standard for 1-click RCE. /s |
|
| ▲ | SXX 4 days ago |
| Just curious: if it's that insecure, how does the Magic Keyboard with Touch ID work? Does it use some Apple proprietary "magic"? |
| ▲ | makeitdouble 4 days ago |
| > "magic" |
| They're on a proprietary extension of Bluetooth, standard compatible but closed to their devices. They usually don't talk much about it; Phil Schiller was the most explicit I think (it was about the AirPods' W1 but it's the same deal): https://www.theverge.com/2016/9/7/12829190/apple-w1-chip-iph... |
| > Apple’s Phil Schiller described Apple’s move to a new wireless chip as “fixing the challenges” of wireless audio |

| ▲ | ryukoposting 3 days ago |
| The short answer is yes, it's proprietary shenanigans. Apple likes security for Apple peripherals connected to Apple iPhones, and they consciously undermine the security of anything else. |
|