ryukoposting
3 months ago
As someone who finally recently escaped bluetooth firmware development: yes, Bluetooth is leaking secrets and it doesn't even require any silly RF shenanigans. Almost nothing actually implements LESC. Apple refuses to implement OOB pairing, so no peripherals can force you to use it, so everything is subject to MITM attacks. The entire ecosystem is a mess of consultants and underpaid devs copy-pasting Nordic sample code, with no time or financial incentive to do more than the bare minumum. Never trust any product that moves sensitive data through Bluetooth.
9029
3 months ago
Do you have an opinion on the keyboard firmware ZMK? They seem to use LESC but MITM during pairing is still a concern: https://zmk.dev/docs/features/bluetooth
ryukoposting
3 months ago
It's a keyboard, I wouldn't fret about it. The idea that someone is going to steal your keystrokes to get your passwords is pretty moustache-twirly.
I'm more concerned about card readers, medical devices, etc.
wongarsu
3 months ago
I think we can safely assume that a device that does that for entire offices at once is in the NSA's current ANT catalog. And other state actors are probably not far behind
The only thing making these kinds of attacks unattractive is that most companies are too stingy to buy anything better than a cheap wired Logitech keyboard
user
3 months ago
imglorp
3 months ago
Isn't this kind of thing a trinket at Defcon these days like the pineapple thing, or even a Flipper plugin? Ie not super hard to get and not so much mustache.
ryukoposting
3 months ago
The problem isn't the technology, it's all the surrounding logistics and incentives. Why hack a thing that few people use, and that you must collect data from for several minutes/hours/days, when you could hack something equally insecure that more people use, and provides more valuable data in less time?
amitprayal
3 months ago
moustache-twirly implying highly improbable?
matthewdgreen
3 months ago
Apple claims to have implemented an entire second security level for their Bluetooth apps based on iMessage, but I trust it not at all.
(To be clear, I trust the iMessage protocol with reasonable confidence. I judge the probability that Apple has applied this extra layer of security uniformly to all sensitive data to be about 8%.)
ggm
3 months ago
8.75% surely? you need at least two digits of specious precision on that non-random number.
cozzyd
3 months ago
More likely 8.333% I would think (1/12). The same probability of a broken clock yielding the correct hour.
cozzyd
3 months ago
Text written with a non-apple Bluetooth keyboard is green?
hulitu
3 months ago
> Apple claims to have implemented an entire second security level for their Bluetooth apps based on iMessage,
iMessage... the golden standard for 1click RCE. /s
SXX
3 months ago
Just curious if it that insecure how does Magic Keyboard with Touch ID works? Does it use some apple proprietary "magic"?
makeitdouble
3 months ago
> "magic"
They're on an proprietary extension of Bluetooth, standard compatible but closed to their devices. They usually don't talk much about it, Phil Schiller was the most explicit I think (it was about the airpod's W1 but it's the same deal)
https://www.theverge.com/2016/9/7/12829190/apple-w1-chip-iph...
> Apple’s Phil Schiller described Apple’s move to a new wireless chip as “fixing the challenges” of wireless audio
ryukoposting
3 months ago
The short answer is yes, it's proprietary shenanigans. Apple likes security for Apple peripherals connected to Apple iPhones, and they consciously undermine security of anything else.