General > General Technical Chat
Bluetooth Low Energy is unsuitable for COVID-19 contact tracing, say inventors
julianhigginson:
--- Quote from: cdev on May 16, 2020, 01:25:11 am ---
It's a security nightmare.
This quote is from 2017
--- End quote ---
Blueborne is old news. Do you think anything new still has these vulnerabilities at a level that will cause practical risk to an everyday user?
If anything, it's just one more reason to make sure hardware manufacturers need to be forced to build critical security issue update support into their prices.
https://duo.com/decipher/an-analysis-of-blueborne-bluetooth-security-risks
I really don't see blueborne as any kind of modern reason to leave bluetooth turned off these days unless you have a very specific reason to do so. In fact the only time I ever hear of it these days is when my old music scene friend from years ago keeps banging on about it on facebook as a reason why all wireless communications is faulty spyware and 5G needs to be stopped.
And unfortunately, pretty much anything to do with any device running a general purpose OS is a security nightmare.
Check out what was just discovered about thunderbolt (fundamental issue for at least all of the TB1-3 interfaces) if you want scary.
Any computer with a thunderbolt port turned on is now up for evil maid attacks.
And there's no bios fix to be had, it's a fundamental fault with the direct RAM access that a fast port like this needs to be able to work
https://thenextweb.com/security/2020/05/11/theres-a-new-thunderbolt-bug-check-if-your-computer-is-affected/
or look at the latest issues around iOS exploits - exploit vendors have stopped offering $ for them for now, as they have too many.
https://www.theregister.co.uk/2020/05/14/zerodium_ios_flaws/
Zero999:
--- Quote from: David Hess on May 17, 2020, 12:57:03 am ---
--- Quote from: Zero999 on May 16, 2020, 07:56:18 pm ---True, but there doesn't seem to be any evidence they're lying either. They aren't any signs that it's getting out of control such as hospitals packed full of COVID-19 patients, or bodies piling up, like they were before.
--- End quote ---
Evidence from doctors and journalists who China has been persecuting for revealing what has been happening? Who is left to report?
--- End quote ---
We're not talking about an individual, like a child who you won't believe because they lied about doing something naughty, but they say they're honestly telling the truth this time, so you should believe them. All governments are multilayered. It's possible the local authorities covered it up and the national government were ignorant at the start of the crisis, but when they found out they dealt with it. This is like a teacher not telling the head about a group of pupils' bad behaviour, because the fear they'll get into trouble for not being able to deal with them, but once the head found out there were behavioural problems in the class, they dealt with the culprits and are keeping an eye out for any troublemakers who slipped through the net.
China has changed a lot since the last 40 years. It's not a democracy, but it's no longer a completely closed society. Information leaks out of the country, whether the government likes it or not. If the coronavirus situation is getting out of control again then there would be plenty of reports about it, as there were before, in spite of the cover up. The fact that this time the Chinese have admitted that there are new outbreaks of COVID-19, rather than covering it up as they did previously, suggests they're not lying about it now.
--- Quote from: julianhigginson on May 17, 2020, 06:42:14 am ---
--- Quote from: NANDBlog on May 15, 2020, 09:01:49 pm ---Yeah, but this is a virus. It doesnt work like radioactivity or as a aura around people. That 1.5m rule they say everywhere is better than nothing but it is not even close to modeling all the transmission methods. You can spend probably hours within 1.5m from someone, and turn up fine, if you are facing the opposite way. On the other hand if someone sneezes at you from 10m, you might get what they have. Or you touch a door knob, that someone infected touched a day ago.
Or they grab a bottle of milk, that you buy, put in the fridge, the virus goes to sleep mode, and reactivate itself two weeks later.
So I guess bluetooth should track these as well.
There is a way for mobile phones to help in this situation. Build in an infrared temperature meter, to quickly measure forehead temperature.
--- End quote ---
My point is that something DOES NOT have to be perfect or work in 100% of cases to still be valuable.
At the end of the day it's not specific performance of the tool in specific individual cases, but if rolled out over a population it allows R0 to be brought down lower than it would be otherwise.
If all it turns out to do is create a bunch of bad possible transmission links that prove to be a waste of time to the tracing effort, then sure, stop using it.. but that would want to be borne out of real data.... My expectation is that because it's capturing links to people you have been near for extended periods of time, it could be very useful.
--- End quote ---
Yes, that is what I've being saying all a long. Contact tracing isn't new. It existed long before smartphones and has other applications than controlling infectious diseases. If there's an outbreak of food poisoning then contact tracing is one of the tools used used to find the source, such as a rat infested restaurant or a supermarket selling out of date food. The app is just another tool in addition to the usual detective work.
Hopefully the authorities were investing heavily in manual contract tracing, not just the app, but training thousands of people to do it, whilst the economy was put into an induced coma. If controls are relaxed before there's sufficient capacity to control the infection, then it'll just flare up again. Some countries are doing better than others, which is partly down to geographical factors, as well as the competence of the governments. More isolated countries, who locked down earlier in their epidemics will stand a higher chance of a better outcomes, than those who are international hubs.
cdev:
All of my hardware is pre 2017 hardware - which isnt that old, is still so old the manufacturers who wants to sell new hardware didn't upgrade its FIRMWARE, instead saying that EOL hardware wont be fixed. So BT got turned off and it stays off. Only Linux hardware has been kept current. I had the freedom to turn off Bluetooth in all my devices, so I have.
Why don't they use high res CCTV inside of subways/busses? Thats really the only way to do what they want that has any chance of being even remotely accurate.
--- Quote from: julianhigginson on May 17, 2020, 07:01:42 am ---
--- Quote from: cdev on May 16, 2020, 01:25:11 am ---
It's a security nightmare.
This quote is from 2017
--- End quote ---
Blueborne is old news. Do you think anything new still has these vulnerabilities at a level that will cause practical risk to an everyday user?
If anything, it's just one more reason to make sure hardware manufacturers need to be forced to build critical security issue update support into their prices.
https://duo.com/decipher/an-analysis-of-blueborne-bluetooth-security-risks
I really don't see blueborne as any kind of modern reason to leave bluetooth turned off these days unless you have a very specific reason to do so. In fact the only time I ever hear of it these days is when my old music scene friend from years ago keeps banging on about it on facebook as a reason why all wireless communications is faulty spyware and 5G needs to be stopped.
And unfortunately, pretty much anything to do with any device running a general purpose OS is a security nightmare.
Check out what was just discovered about thunderbolt (fundamental issue for at least all of the TB1-3 interfaces) if you want scary.
Any computer with a thunderbolt port turned on is now up for evil maid attacks.
And there's no bios fix to be had, it's a fundamental fault with the direct RAM access that a fast port like this needs to be able to work
https://thenextweb.com/security/2020/05/11/theres-a-new-thunderbolt-bug-check-if-your-computer-is-affected/
or look at the latest issues around iOS exploits - exploit vendors have stopped offering $ for them for now, as they have too many.
https://www.theregister.co.uk/2020/05/14/zerodium_ios_flaws/
--- End quote ---
cdev:
Are they actually contract tracing?
An inaccurate Blutooth App is actually a good way to guarantee that their staff is flooded with inaccurate, noisy information probably guaranteeing they dont have time to do the real contact tracing that might be called for.
If they took high resolution CCTV of all those places where people are crammed together, that would be helpful. Also they should only allow as many people on busses and subway cars as can stand safety some modest distance away from others not talking while trying to breath shallowly. Otherwise, as somebody who has commuted a very large chunk of my life, its just impossible.
Worst was when the World Cup was being held right near my workplace.
Zero999:
I hope they are contact tracing. Yes CCTV is a good idea, perhaps using automatic image recognition could help, although that could cause privacy concerns. Not everywhere has CCTV though.
Another possibility is making people show ID before they go onto a bus or train where social distancing is difficult, then they can be contact traced if someone sitting close to them tests positive.
Looking into this more, I don't think contact tracing alone will be enough to control the virus. There will still need to be significant social distancing in place until we either have a vaccine or sufficient herd immunity gradually develops naturally. It's just too easily spread via asymptomatic carriers to trace everyone. There will be perodic flare-ups followed by containment via lockdowns. Contact tracing will just help to find the flare-ups so the lockdowns can be more localised.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version