Ohio State News: Study uncovers new threat to security and privacy of Bluetooth devices

Ohio State News: Study uncovers new threat to security and privacy of Bluetooth devices. “Mobile devices that use Bluetooth are vulnerable to a glitch that could allow attackers to track a user’s location, a new study has found. The research revolves around Bluetooth Low Energy (BLE), a type of Bluetooth that uses less energy when compared to Bluetooth Classic (an earlier generation of Bluetooth). On smartwatches and smartphones, billions of people rely on this type of wireless communication for all types of activities, ranging from entertainment and sports to retail and health care.”

Ars Technica: New Bluetooth hack can unlock your Tesla—and all kinds of other devices

Ars Technica: New Bluetooth hack can unlock your Tesla—and all kinds of other devices. “When you use your phone to unlock a Tesla, the device and the car use Bluetooth signals to measure their proximity to each other…. This proximity authentication works on the assumption that the key stored on the phone can only be transmitted when the locked device is within Bluetooth range. Now, a researcher has devised a hack that allows him to unlock millions of Teslas—and countless other devices—even when the authenticating phone or key fob is hundreds of yards or miles away.”

Ars Technica: Apple, Google, and Microsoft want to kill the password with “Passkey” standard

Ars Technica: Apple, Google, and Microsoft want to kill the password with “Passkey” standard. “The standard is being called either a ‘multi-device FIDO credential’ or just a ‘passkey.’ Instead of a long string of characters, this new scheme would have the app or website you’re logging in to push a request to your phone for authentication. From there, you’d need to unlock the phone, authenticate with some kind of pin or biometric, and then you’re on your way.”

The Times: Stolen AirPods give away Russian retreat positions

The Times: Stolen AirPods give away Russian retreat positions. “A Ukrainian man has been able to track the redeployment of Russian troops to the east of the country via a pair of wireless earbuds looted from his home near Kyiv. Vitaliy Semenets used the ‘Find my’ feature available on Apple products to follow the progress of the stolen Airpod via Bluetooth technology.”

Ubergizmo: A COVID-19 Home Testing Kit Was Hacked To Display Fake Results

Ubergizmo: A COVID-19 Home Testing Kit Was Hacked To Display Fake Results. “Thanks to technology, we are seeing an increasing number of home testing kits for various diseases that can be uploaded onto our phones and then uploaded online to our doctors, so that they can monitor our health remotely and get the latest information. It sounds convenient, but there is also some danger to that. A good example would be recently, F-Secure researcher Ken Gannon discovered a vulnerability in Ellume’s nasal swab test, which is a home testing kit for COVID-19.”

Mashable: Apple AirTags used to show possessions of unhoused people taken to dump

Mashable: Apple AirTags used to show possessions of unhoused people taken to dump . “Ethically, the power to covertly track things with AirTags is a doubled-edged sword. The tiny Bluetooth devices from Apple are notoriously creepy. However, according to the Portland Tribune, they also helped one Portland, Oregon, lawyer prove that a city contractor was illegally sending unhoused people’s property to the landfill.”

The Daily Swig: Bluetooth pairing, pwned: Security researchers discover fresh wave of ‘impersonation attack’ flaws in wireless tech

The Daily Swig: Bluetooth pairing, pwned: Security researchers discover fresh wave of ‘impersonation attack’ flaws in wireless tech. “Attackers were able to impersonate legitimate devices during the Bluetooth pairing process because of inherent security weaknesses in the Bluetooth Core and Bluetooth Mesh specifications that underpin the ubiquitous wireless technology.”

The Guardian: ‘Smart’ male chastity device can be controlled by hackers, users warned

The Guardian: ‘Smart’ male chastity device can be controlled by hackers, users warned. “The maker of a ‘smart’ male chastity device has recommended using a screwdriver to break it open after warnings it can be locked remotely by hackers. The Bluetooth-controlled Cellmate device can only be unlocked via an app. Its manufacturer, the Chinese company Qiui, issued a video titled ‘When nothing else works’, showing the screwdriver fix.”

NBC News: Covid apps went through the hype cycle. Now, they might be ready to work.

NBC News: Covid apps went through the hype cycle. Now, they might be ready to work.. “Jen Tracy, 36, was sick of hearing people bickering about how to respond to the coronavirus pandemic and last week, New Jersey offered an alternative she liked better: a smartphone app. Tracy, who lives in Pine Hill, New Jersey, became one of the early adopters of an app the state rolled out to try to slow the spread of Covid-19. The app displays statistics, such as the percentage of people who are reporting symptoms, and maybe more importantly, it’s designed to alert people if they’ve been near someone else who’s tested positive.”

BBC: Singapore rolls out Covid tracing tokens

BBC: Singapore rolls out Covid tracing tokens. “Singapore is distributing tens of thousands of devices that can track who a person has interacted with. The small bluetooth device is meant for those who do not own smartphones and cannot use a contact tracing app that was previously rolled out by the Singapore government.”

Make Tech Easier: New Vulnerability, BLURtooth, Attacks Bluetooth Devices

Make Tech Easier: New Vulnerability, BLURtooth, Attacks Bluetooth Devices. “It seems nothing is safe from technology attacks these days. Attackers will find a way to attack any device or service that it is able to. A recent vulnerability, BLURtooth, attacks the component used for setting up authentication keys when pairing Bluetooth-capable devices. Yes, even that is something you need to worry about not being safe.”

Washington Post: I downloaded America’s first coronavirus exposure app. You should too.

Washington Post: I downloaded America’s first coronavirus exposure app. You should too.. “For the past week and a half, 35 Washington Post staff members have been helping me test America’s first exposure-notification app using technology from Apple and Google. It’s called Covidwise, and works in the state of Virginia. Made by state health departments, similar apps are also now available in North Dakota (Care19 Alert), Wyoming (also called Care19 Alert), and Alabama (Guidesafe). A Pennsylvania app is due to arrive in September and will be compatible with one from Delaware. In total, 20 states and territories are developing apps that will cover nearly half the U.S. population. (We’ll continue to update as more arrive.)”

VentureBeat: Bluetooth bracelets are an identity-blind option for digital contact tracing

VentureBeat: Bluetooth bracelets are an identity-blind option for digital contact tracing. “Bluetooth tags are standalone Bluetooth radios that can be deployed in wearable bracelets. Thanks to recent developments in IoT technology, Bluetooth bracelets can cost just a dollar or two and run for 10 years on a coin cell battery. Therefore, in areas where people don’t own or operate smartphones, governments can affordably deploy Bluetooth bracelets. Ideally, Bluetooth bracelets and smartphones can complement each other in enabling an effective digital tracing solution.”