Comment on Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking
fort_burp@feddit.nl 3 weeks ago
GOOGLE DESIGNED THE wireless protocol known as Fast Pair to optimize for ultra-convenient connections: It lets users connect their Bluetooth gadgets with Android and ChromeOS devices in a single tap.
Bluetooth pairing is not a difficult process, imagine creating a whole new attack vector for that. And of course security was an afterthought. Capitalism is amazing for wasting resources and getting bad results for it.
I’d agree security needs more attention when developing protocols and products, and, I’d also consider Bluetooth simple. That being said, I know plenty of folks that don’t like the Bluetooth pairing process, especially those without a technical background.
Fast Pair is really convenient, and I’d say it can open the door for a lot of new experiences, but I do wish the developers put more effort into their TARA.
A lot of people genuinely find Fast Pair to be a big improvement over traditional Bluetooth pairing. So why is it such a bad idea for a company to design a protocol that solves the problem? Also Bluetooth pairing has had its own share of vulnerabilities over the years this issue isnt really unique to Fast Pair.
To each their own, no doubt. Personally I’m just in awe at how modern tech actually makes people tech-illiterate, and seemingly at a faster clip each year. Throw in an additional attack surface and that just makes it, for me, net minus. There are social and political implications to being tech-illiterate and tech-dependent (especially dependent on foreign and/or rogue states), which is another minus in my book.
zarenki@lemmy.ml 3 weeks ago
I think it’s far more common for devices to get pairing wrong than to get it right.
Just a few of the very common issues I’ve seen in various devices:
ragebutt@lemmy.dbzer0.com 3 weeks ago
On this note: if you root your webos tv there’s an app to truly disable Bluetooth, assuming you don’t use it. Imagine my surprise when one day my tv turned on with a request to allow my neighbors phone to connect to it? Modern convenience. I’m sure my neighbor just fat fingered the device list while trying to connect something else but the fact that it was even an option is absurd
zarenki@lemmy.ml 3 weeks ago
My experience is mostly with Sony TVs, which run near-stock Android TV and do have a settings toggle to disable Bluetooth without needing root. Some models need BT for voice search (if mic is in the remote), and to many people losing that might be a good thing, but others seem to need it for basic menu navigation from the stock remote because odd features like trackpad don’t blast through IR. Considering how often I see unfamiliar TVs listed when I look at my phone’s Bluetooth pairing menu, I knew plenty of other TV vendors use constant discoverable mode.
Having strangers within wireless range (especially for 2.4 GHz, but 5 GHz can be bad too) be able to intentionally and/or repeatedly interrupt what you’re doing with a pairing request at any time absolutely should be seen as a severe security flaw in my eyes. Even if they can’t successfully pair, the request prompt is akin to denial-of-service. Being such a blatant flaw that people often do it by mistake is even worse.