General > General Technical Chat
Bluetooth Low Energy is unsuitable for COVID-19 contact tracing, say inventors
Syntax Error:
@cdev : The UK goverment has overcome this problem by telling it's citizens to return to work AND to avoid using public transport. Easy... if you can afford to pay the parking fines which are still being enforced.
With regard to the BLE tracking apps, I would like to know just how many concurrent connections a BLE app can handle. I know the manual says upto 20, but in the real world with everyone milling about like zombies in face masks?
SilverSolder:
--- Quote from: Syntax Error on May 15, 2020, 11:52:34 pm ---@cdev : The UK goverment has overcome this problem by telling it's citizens to return to work AND to avoid using public transport. Easy... if you can afford to pay the parking fines which are still being enforced.
With regard to the BLE tracking apps, I would like to know just how many concurrent connections a BLE app can handle. I know the manual says upto 20, but in the real world with everyone milling about like zombies in face masks?
--- End quote ---
BLE is an unstable mess, IME. I worked on a project once that used BLE to communicate with some hardware... every version of the OS behaved slightly differently, connections were randomly dropped and reappeared, etc. etc. - it all fueled the deep hatred for everything Bluetooth that I still harbour today!
cdev:
A couple of years ago I went around to all my computers and physically disabled the bluetooth on my own computers. But I didn't remember the exact reason why until a search here jogged my memory..
https://www.eevblog.com/forum/microcontrollers/major-bluetooth-security-issue-blueborne/msg1300894/#msg1300894
Bluetoooth has serious security flaws that seem to be able to result in attackers being able to completely pwn a machine..
https://www.bleepingcomputer.com/news/security/blueborne-vulnerabilities-impact-over-5-billion-bluetooth-enabled-devices/
This article claims that 5 BILLION devices are vulnerable. Basically all bluetooth devices.
This is why I literally almost never use it anymore. To the point of having taken steps to disable it so it literally cant be turned on. On older hardware (all of my hardware, basically, at that point, and I have not bought new) that they refuse to fix, the security issue seems to be that bad.
--- Quote from: SilverSolder on May 16, 2020, 12:00:04 am ---
--- Quote from: Syntax Error on May 15, 2020, 11:52:34 pm ---@cdev : The UK goverment has overcome this problem by telling it's citizens to return to work AND to avoid using public transport. Easy... if you can afford to pay the parking fines which are still being enforced.
With regard to the BLE tracking apps, I would like to know just how many concurrent connections a BLE app can handle. I know the manual says upto 20, but in the real world with everyone milling about like zombies in face masks?
--- End quote ---
BLE is an unstable mess, IME. I worked on a project once that used BLE to communicate with some hardware... every version of the OS behaved slightly differently, connections were randomly dropped and reappeared, etc. etc. - it all fueled the deep hatred for everything Bluetooth that I still harbour today!
--- End quote ---
It's a security nightmare.
This quote is from 2017
--- Quote from: jnz on September 19, 2017, 03:57:04 pm ---
--- Quote from: julian1 on September 14, 2017, 09:30:59 pm ---With a buffer overflow in the bluetooth kernel module, you can execute code to modify kernel data structures.
--- End quote ---
--- Quote from: nidlaX on September 14, 2017, 11:27:33 pm ---Read their technical white paper, each exploit is discussed in detail with offending code snippets from the OS stack source / disassembled stack binaries.
--- End quote ---
I read the technical paper, well, skimmed to the best of my attention span; Bluetooth is tough for the very reasons this hack exists it doesn't use a separate layer like TCPIP it just has all the packing and protocols built in - super dumb, kinda hard to follow. Anyhow, I am STILL not seeing how BT data is becoming OS level instructions. He talks about how the linux kernel is particularly susepible to this exploit because you will have some awareness of the kernel calls and structures.
I guess my issue is I'm coming from Bluetooth modules that run their own stacks and the host CPU just interfaces, almost never applications where the host CPU is running the BT stack itself. That said... since a lot of the hack involves L2CAP, and BLE uses the same L2CAP as BT, I wonder if low energy exploits may be coming.
--- End quote ---
Zero999:
We also need good old fashioned contact tracing, which involves manually finding those who've had close contact with an infected person, testing them and isolating them if they're positive. The app might be able to help with that, but it's not a magic bullet.
cdev:
I don't know about the situation in the UK, but it seems likely to be similar to here.
TRUMP - 'When you test, you have a case. When you test, you find something is wrong with people. If we didn't do any testing we would have very few cases'.
See it in context:
https://twitter.com/atrupar/status/1261017121078861826
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version