VentureBeat: Bluetooth bracelets are an identity-blind option for digital contact tracing. “Bluetooth tags are standalone Bluetooth radios that can be deployed in wearable bracelets. Thanks to recent developments in IoT technology, Bluetooth bracelets can cost just a dollar or two and run for 10 years on a coin cell battery. Therefore, in areas where people don’t own or operate smartphones, governments can affordably deploy Bluetooth bracelets. Ideally, Bluetooth bracelets and smartphones can complement each other in enabling an effective digital tracing solution.”
Tom’s Guide: Apple and Google team up to fight coronavirus with contact tracing. “Today, Apple and Google announced a surprising collaboration: the two will unite to bring contact tracing to their smartphones in order to fight coronavirus. And both companies are committed to doing so while respecting user privacy. In posts made by both Apple and Google, the companies declared ‘a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design.’”
EurekAlert: Bluetooth signals from your smartphone could automate COVID-19 contact tracing. “A team led by MIT researchers and including experts from many institutions is developing a system that augments ‘manual’ contact tracing by public health officials, while preserving the privacy of all individuals. The system relies on short-range Bluetooth signals emitted from people’s smartphones. These signals represent random strings of numbers, likened to ‘chirps’ that other nearby smartphones can remember hearing.”
TechHive: Google is ‘aware’ of buggy Bluetooth for Home and Nest speakers and working on a fix. “For months, users of Google’s Home and Nest speakers have been complaining that their devices can’t hold a steady Bluetooth connection to a phone or an external speaker, and now Google says it’s looking for a fix.”
The Register: A dirty dozen of Bluetooth bugs threaten to reboot, freeze, or hack your trendy gizmos from close range. “The flaws, collectively dubbed SWEYNTOOTH (because every bug has to have its own name these days), allow a suitably skilled attacker to crash or deadlock BLE devices, or to bypass pairing security to gain arbitrary read and write access to device functions.”
Engadget: Android security flaw lets attackers send malware over Bluetooth. “If you’re using a not-quite current Android phone, you’ll probably want to check for an update. Security researchers at ERNW have detailed a vulnerability, BlueFrag, that lets attackers silently deliver malware to and steal data from nearby phones running Android 8 Oreo or Android 9 Pie.”
BBC: Hong Kong protesters using Bluetooth Bridgefy app. “Pro-democracy protesters in Hong Kong have been turning to a new app to communicate – one that does not use the internet and is therefore harder for the Chinese authorities to trace. Bridgefy is based on Bluetooth and allows protesters to communicate with each other without internet connection.”
The Next Web, and did you really need that image?: Critical KNOB exploit penetrates gaping Bluetooth vulnerability. “Researchers have discovered a vulnerability in Bluetooth’s authentication protocols which, if properly executed, could allow an attacker to conduct a man-in-the-middle attack between two paired devices. This could see an adversary intercept and alter files while they’re in transit, as well as potentially listening in on conversations conducted via Bluetooth.”
TechCrunch: A pair of new Bluetooth security flaws expose wireless access points to attack. “The two bugs are found in Bluetooth Low Energy chips built by Texas Instruments, which networking device makers — like Aruba, Cisco and Meraki — use in their line-up of enterprise wireless access points. Although the two bugs are distinctly different and target a range of models, the vulnerabilities can allow an attacker to take over an access point and break into an enterprise network or jump over the virtual walls that separate networks.”
CNET: Bluetooth pairing has a security hole. Get ready for updates. “When you pair a couple of Bluetooth devices, like your phone and computer, they exchange encryption keys. But it turns out the Bluetooth specification didn’t require that both of them completely validate those keys. Well, it does now.”
Cylance: Turn Off Bluetooth: BlueBorne ZeroDays Disclosed. “Last month, I wrote about Broadpwn. Broadpwn is an exploit which can be used to take over many smartphones and tablets, iPhones and Android devices alike. It targets Broadcom Wifi chipsets, which are used in mobile devices from a variety of OEMs including Apple and Samsung. The bright side is that it’s simply a vulnerability that was found by a security researcher, and updating to the latest versions of iOS and Android patches the vulnerability. That’s not the case for this Bluetooth exploit, however. Armis Labs discovered eight zero day vulnerabilities. That’s right – BlueBorne is a collection of vulnerabilities, many with patches that are still being developed.”
ZDNet: Security flaws put billions of Bluetooth phones, devices at risk. “The more serious flaws allow an attacker to gain control of affected devices and their data, and steal sensitive business data from corporate networks. Malware exploiting the attack vector may be particularly virulent by passing peer-to-peer and jumping laterally, infecting adjacent devices when Bluetooth is switched on, said the researchers.”
The Register: Chrome 56 quietly added Bluetooth snitch API. “When Google popped out Chrome 56 at the end of January it was keen to remind us it’s making the web safer by flagging non-HTTPS sites. But Google made little effort to publicise another feature that’s decidedly less friendly to privacy, because it lets websites connect to Bluetooth devices and harvest information from them through the browser.”
Uri Shaked: Exploring the Physical Web (Without Buying Beacons). “The Physical Web is still pretty new, but the basic idea is that the Physical Web lets you broadcast any URL to the people around you. Awesome, right? The Physical Web lets you anchor URLs to physical places by way of a BLE beacon, effectively allowing you to ‘park’ a webpage, link to a file, etc., wherever you want.”
I knew about beacons because of their expanding use in retail, but this article showed me how accessible the Physical Web is to anybody.
Google has launched a competitor to iBeacon.
“If you’re not familiar, beacons are low-energy battery-friendly hardware that use Bluetooth to transmit data. Since Bluetooth connections have a much smaller range than public Wi-Fi and work indoors unlike GPS, it allows retailers, developers and companies to precisely pinpoint the user’s location and send relevant information based on where consumers currently are.”
iBeacon, if you don’t know, is from Apple. Facebook is getting into beacons as well.