[HN Gopher] Critical Bluetooth vulnerability in Android
___________________________________________________________________

Critical Bluetooth vulnerability in Android

Author : photon-torpedo
Score  : 413 points
Date   : 2020-02-07 09:57 UTC (13 hours ago)

(HTM) web link (insinuator.net)
(TXT) w3m dump (insinuator.net)

| nickcw wrote:
| > As soon as we are confident that patches have reached the end users, we will publish a technical report on this vulnerability including a description of the exploit as well as Proof of Concept code.
|
| It is likely to be a long time to never for most Android phones to receive patches for this :-(
| joelthelion wrote:
| On the plus side, could this be used to root phones?
| photon-torpedo wrote:
| > only the Bluetooth MAC address of the target devices has to be known
|
| Android has a feature of "Bluetooth scanning" to improve device location (similar to Wifi scanning). I'm not sure, but even if Bluetooth is disabled in the menu, this might still activate Bluetooth occasionally and perhaps reveal the Bluetooth MAC to the (nearby) world?
| dspillett wrote:
| IIRC that doesn't enable BT if disabled, only uses it if available.
| bepvte wrote:
| It says "Bluetooth scanning -- Let apps use Bluetooth for more accurate location detection, even when Bluetooth is off." I doubt it makes the device discoverable though.
| matchbok wrote:
| Android is such a mess. Google needs to do a rewrite and dump legacy support.
| drummer wrote:
| Quite possibly the worst piece of software ever. Hot garbage.
| [deleted]
| eximius wrote:
| I mean, they kind of are... https://en.wikipedia.org/wiki/Google_Fuchsia
| microcolonel wrote:
| Gotta say, having worked with the Android Bluetooth stack, I'd be surprised if there weren't lots of serious issues like this. The handling of pointers in there is often both _clever_ and _not helpful_.
| tjoff wrote:
| > _Only enable Bluetooth if strictly necessary. Keep in mind that most Bluetooth enabled headphones also support wired analog audio._
|
| Reason #4373 that ditching the headphone jack is pure insanity.
|
| Sigh.
| qubex wrote:
| I'm also still using those SCSI interfaces and keeping a 5 1/4 floppy drive in case I need to copy something over from punched cards.
| zentiggr wrote:
| Don't go dissing that KSR-35 teletype with the paper tape option :) That's how I talked to my 6502 dev board - way better than a membrane keyboard!
| rorykoehler wrote:
| Don't buy a headphone jackless phone. I haven't and won't ever. I will stop using a phone before I use a jackless one.
| hnburnsy wrote:
| Are there phones with no external ports that only use wireless charging? I don't have any problems with a usbc wired headset or adapters.
| [deleted]
| ajsnigrutin wrote:
| The problem is that it's hard to find an otherwise good phone with a jack. Want good photos, lots of storage, fast cpu, and a good screen? You need a flagship phone. Want security updates for stuff like this now? You're either stuck with Pixel phones or Samsung galaxy S? ones (or iphones)... pixel doesn't have one anymore, galaxy s20 is rumored it won't have one, and iphones don't have one.
| komali2 wrote:
| If you want a good camera the pixel 3a is there.
|
| The Galaxy s10 hit the critics like a storm. It got pretty rave reviews. I'm on an s9 and I guess that'll be my next phone whenever this one dies.
| Ayesh wrote:
| Xiaomi Note series have FM radio, 3.5mm jack, infrared (make do remote control), 4 lenses (macro, telephoto, and wide angle), and comes at around EUR225 for the 128GB/6GB one. There is no android security update recently, and the current is Nov 2019. But they regularly send security updates unlike other Chinese brands.
| mackrevinack wrote:
| samsung s10e is the only phone that checks all those boxes and it's also the only "small" phone too. I always said I would never buy a phone without a headphone jack or a notch but i made an exception for the s10e since it's a punch hole and doesn't really take away much screen space.
|
| but the way things are going I can't see a phone like this ever being made again. so I'll be using this for the foreseeable future and will probably have to start using a custom rom in a few years
| wnevets wrote:
| the 'a' branch of Pixel still has a headphone jack
| nonbirithm wrote:
| I was wanting a phone with a headphone jack but the only one that fit my needs was an LG handset that cost $900 and wasn't supported by ATT. The Galaxy Note crisis and general dissatisfaction with a previous Galaxy ruled out any of Samsung's phones for me. On the other hand the OnePlus 7 Pro was only $499 with everything else I needed in a phone - except a headphone jack.
|
| Maybe I hadn't looked hard enough. But my thought at the time was for my needs I'd have to spend $400 more for a headphone jack on a phone I might not be able to use with my carrier.
|
| I ended up getting the 7 Pro and use a dual headphone/charging adapter. I hate it and wonder what the market has come to if they feel we should put up with this. But that's the tradeoff I chose.
|
| My dream phone is one without the rounded corners or curved screen, an SD card slot, a decent camera (at least Pixel XL quality) and a headphone jack.
|
| I should also mention it's a miserable feeling to think that a standard as hideously broken as Bluetooth is here to stay because it's won out the short distance wireless connection space and there's no going back and retrofitting the billions of smartphones that will be forever fitted with Bluetooth until they're thrown out.
| anon73044 wrote:
| Moto G8 Plus, better camera, bigger battery, better screen resolution, sd slot, under $400 these days.
| kbenson wrote:
| I've been looking to get the new galaxy a51 when it comes out in a week or so as a good mid-range phone, and they've removed the jack on the new a-series phones as well.
|
| Pretty soon it will just be one or two off brands and the occasional weird model that have them (if it's not already to that point).
| artemist wrote:
| I can think of one phone with a great camera and a headphone jack: the Pixel 3a
| sadfklsjlkjwt wrote:
| Nokia also gets prompt Android updates. No headphone jack on flagship models though.
| gchokov wrote:
| I haven't missed the jack for a single day.
| squarefoot wrote:
| I don't miss it either, though that's because I refuse to buy anything that doesn't expose analog out. The 3.5 jack is certainly not the best engineered piece of hardware and is prone to failure, but that should be rather a motivation to produce a better one than an excuse to remove it.
| magicalhippo wrote:
| I miss the jack every single day.
|
| Recently the wire of my regular ear buds gave up (as they do) and, since I had gotten some BT ones, I decided to use them. They're Jabra Elite Sport, which got good reviews from what I can recall.
|
| They're dropping out like crazy. It's seldom to get an entire minute of music without a small dropout. The area around the bus stop at work is particularly bad, with sound drops every few seconds until I get away from that area.
|
| I upgraded the firmware and it got a bit better, but still pretty poor. If I hold the phone in my hands and keep still it's usually ok, but as soon as it goes into my pocket, all bets are off.
|
| I don't miss the cable tangle, but I miss being able to enjoy music.
| Pxtl wrote:
| Crazy. I paid $25CAD for a cheap Chinese-brand behind-the-ears headset (Suicen AX-698) and dropouts are very rare for me. Happens occasionally - usually when I'm on the road and a truck goes by - I assume some of those have very chatty RF devices. But still, generally very rare. When I'm at the gym working out they _never_ cut for me.
|
| Frustrating reality of modern purchasing - buying the "expensive" one often gives you something not substantially better than the cheap Chinese junk.
| komali2 wrote:
| I'm fat and so when my belly covers my phone in my pocket, like when I'm leaning over, my Bluetooth cuts out. Shit sucks lol.
| oefrha wrote:
| Generally the expensive ones are using the same components as the cheap ones and simply upcharging you, that's why.
|
| https://www.theverge.com/2019/11/7/20943377/chinese-hi-fi-au...
|
| That said, I'm happy with my AirPods and Beats, which are on the expensive side. The custom Bluetooth chip is certainly more seamless than regular Bluetooth.
| amaccuish wrote:
| When I lived in Moscow, there was a bit just outside of my metro station, a radius of about 10 metres, where my bluetooth headphones would just stop working. Absolutely bizarre.
| canes123456 wrote:
| I got the non sport ones due to the great reviews and they suck. I would recommend AirPods, even for android.
| cma wrote:
| For the same price I'd recommend buying the latest $30 ones every year for the next 4-5 years. You'll get better battery life, eventually Bluetooth 5.2 with lowest latency (sends directly instead of rebroadcasting to the other ear), and probably at least one Bluetooth revision beyond that adding true stereo support during microphone use.
|
| If we're talking AirPods Pro you could buy new $30 ones each year for the next 8 years, but atm nothing out there seems to compete with transparency mode while still having the fit of a silicon tip and no sealed in feeling/internal pressure noises.
|
| For me I'm not going to spend a lot on any until the latencies are good enough for gaming, along with stereo while using the mic, and will stick to the cheaper ones until then.
| x0x0 wrote:
| The problem is bluetooth is in year 26 or so of alpha testing and wires are extremely reliable. For example, HTC appears to be unable to ship a working bluetooth stack.
| retSava wrote:
| Have the same-ish, and it's pretty interesting. I think the BT communication is from phone to the right earbud, then something else (likely on 2.4GHz too) from right to left earbud.
|
| When I switch on the office lights, enter the lift, open the fridge door (light again) and similar things, the left drops out briefly (on the order of 100ms).
| magicalhippo wrote:
| Yeah, when I walk through the theft detector at one of my regular grocery stores, my left earbud falls out as I pass through the magnetic field produced by the detector.
|
| It makes some analog radio noises when they fade out and back in, so clearly something entirely different from BT.
|
| The right earbud plays music as normal through it all.
| kevingadd wrote:
| Thanks for the heads-up that these have a firmware update available. I bought them because reviews suggested they were the best earbuds available other than AirPods and I've had all the same problems you describe, it's awful.
| magicalhippo wrote:
| The firmware update did improve things a lot, they were not really usable before, but the result is still sub-par for me at least :(
| bengale wrote:
| Maybe try a different set. My AirPods haven't dropped connection a single time I've used them. They connect immediately, and to drop the cliche, just work.
| magicalhippo wrote:
| Well yeah I've been thinking about it. But shelling out for some with decent sound only to find that they also suck would really be a bummer, so I'm tempted to just go back to wired.
| 45ure wrote:
| >They're Jabra Elite Sport, which got good reviews from what I can recall.
|
| >They're dropping out like crazy. It's seldom to get an entire minute of music without a small dropout. The area around the bus stop at work is particularly bad, with sound drops every few seconds until I get away from that area.
|
| I would suggest reaching out to Jabra, as the symptoms suggest a faulty pair. Furthermore, these buds came with an extended 3-year warranty, albeit it was for failure as a direct result of perspiration.
|
| I use mine with an iPhone, and also tested them with an older Android phone with Bluetooth 4.0. The firmware is on release 5.6.0 (6th November 2019). Although, my pair doesn't suffer from the same issues as yours. However, I have had some issues with the battery life e.g. Jabra Sport app and real world usage does not tally and the battery life of the buds also deteriorates by 10% or more, by just sitting in the charging case, if not used daily.
| neuronic wrote:
| I am probably adding to the pile of fanboyist Apple blah blah but I honestly think my AirPods are the single best tech purchase I have made in the last 5 years. They took away so much hassle and work exactly like I would expect.
|
| AirPods are one fine product for daily casual use. Obviously they aren't going to meet an audiophile's demand at $150 but AirPods Pro might even be enough in that case.
|
| My AirPods drop out at the rate of once a month or something. When it happens it's a quick fix and they have been nothing but convenient otherwise.
|
| Would never use wired headphones again unless I am trying to analyze a Beethoven piece.
| stiray wrote:
| Hm, I just can't get used to how airpods look while people are wearing them. Like they would stick cigarettes into their ears. Anyway, I prefer over the ear headsets, they just sound better (currently at Sennheiser Momentum, sometimes on cable, sometimes on BT).
| that_jojo wrote:
| I have my $20 wired Sony buds drop out about once every never.
| brewdad wrote:
| Mine will drop out when I drop my phone.
| hombre_fatal wrote:
| My wired buds pop out if I do anything more than sit still while listening with them. Any other activity I'm bound to accidentally karate chop the cord out of my ears. Or they catch on something. It's quite a bad experience.
|
| I didn't think BT headphones were worth anything until I tried them. They are surprisingly liberating for someone active like me.
| aedron wrote:
| Have you compared with other BT headphones?
|
| Because in general, BT headphones are great and I understand that people love them. But Airpods are not among the better ones in my experience. They drop out more than my other BT headphones, and the fact that they have no volume control is just unbelievably stupid to me.
| rorykoehler wrote:
| I seriously doubt the audio quality of AirPods Pro is any good from an audiophile perspective. I have no way to test without buying them but I have heard both the new macbook pro 16 laptop speakers and the Sony WH-1000XM3 noise cancelling headphones described as incredible sounding by the same people who say Airpods Pro sound amazing. I happen to own both and.... the MBP sounds like my gramma's alarm clock radio at best (I'd give it a 2.5/10) and the Sonys are maybe a 7/10. They are decent but way too boomy and the Q in the EQ controls provided in the app doesn't provide enough granularity to fix it. I feel like we've really devalued certain words in the past decade or so. Everyone speaks like they work for marketing now.
| chucksmash wrote:
| > I feel like we've really devalued certain words in the past decade or so.
|
| For sure.
|
| > Everyone speaks like they work for marketing now.
|
| Maybe we're so inundated that we've internalized it? A semi-related thing I've noticed: when people talk about movies now, it's never "oh I liked it, it was neat" or "it was sappy." Everybody talks about the cinematography this, the character arcs that, did you see that tracking shot??
|
| It's weird to see the "inside baseball" aspects of movies/music/storytelling/etc creep into random conversations.
| qubex wrote:
| Not I. I stopped using it well before the iPhone did away with it. I'm deeply suspicious of any hole that pierces my device's carapace.
| big_chungus wrote:
| The removal is fine if you generally buy high-end equipment. However, my phone still has one because I have a cheap phone and I don't know what I'd do without the headphone jack. I can use wireless earbuds (which are admittedly nice) for most of the day, but they die and I like having a physical connection. This is especially true of, say, long flights. I also like having a backup pair, but backup pairs of bluetooth earbuds are very pricey.
| flir wrote:
| How do you deal with the latency in games?
| pizza234 wrote:
| I do play (fast) games and don't perceive any latency. However, the number of devices I can connect to my dongle is two; when I add a third, the audio starts to crack.
| komali2 wrote:
| Latency is why I'll never "upgrade." I have a pair of Bluetooth earbuds in my gym bag but my backpack has wired earbuds because sometimes I produce music on my laptop. Doing so with Bluetooth latency might not be impossible but it'll be the closest thing to it.
|
| And since I don't wanna carry two pairs of headphones around my phone needs to have a headphone jack.
| tommit wrote:
| Serious question: do people play mobile games where a slight latency would matter at all? Or are you talking about the overall immersion that goes missing?
| maple3142 wrote:
| I think it depends on what games you're playing. For rhythm games, a headphone jack is a must.
| zozbot234 wrote:
| BT latency is annoying enough when listening to media. I'm used to pressing the pause button and having the audio stop promptly, with no perceptible delay. The video desync (if applicable) can also be very annoying.
| tommit wrote:
| That's odd, I have literally never experienced that before. What kind of setup are you using? I just tried it now, thinking maybe I just never really paid attention to any play/pause delay when listening to music or watching videos. Nope, it's pretty much instant as far as I can tell. I'm using the AirPods Pro and had Gen 1 AirPods before that -- can't recall ever having that problem in the past 3 years.
| avian wrote:
| Not GP. It really depends on the device in my experience. My Denon system has seconds of lag over Bluetooth, enough to even make the volume slider on the phone annoying to use. On the other hand, my wireless headphones from Sony have as far as I can tell zero discernible lag. Both used from the same Android phone.
| Konnstann wrote:
| Could be the codec they are using. AptX LL is the best for latency as far as I know, but not all headphones support it, and you have to go into developer options to change it.
|
| The Denon system might be using LDAC which is higher quality, but sacrificing latency.
| toast0 wrote:
| As someone who only occasionally uses audio from my phone, the big problem is airplane movies.
|
| Playing the movie is going to use enough battery that I'd like to be plugged in. The dongles are easy to lose. I don't have a set of bluetooth headphones that I use regularly, so I got a pair at the airport, but i need to remember to charge them, and they also don't last for the whole movie. Also, everybody using bluetooth probably contributes to the janky streaming in flight.
| m-p-3 wrote:
| Even if I had a jack, I still need bluetooth for my smartwatch.
| maxerickson wrote:
| I bet it's not particularly true that most bluetooth headphones support wired analog audio. It may have been a few years ago, not now that the most prominent use case is phones.
| chungus_khan wrote:
| Nice ones tend to, but most others don't seem to anymore.
| Pxtl wrote:
| Yeah, I've five sets of bluetooth headphones around my house and only one has a wired port.
| AdmiralAsshat wrote:
| I quickly realized the value of the headphone jack the last time I had to turn my device to Airplane mode and realized I couldn't listen to any music on the plane using my wireless earbuds.
|
| Fortunately, my aging GS8+ still has a headphone jack, and I had a pair of analog headphones in my travel bag.
| driverdan wrote:
| You can put a device into airplane mode and still turn on BT.
| RealStickman wrote:
| That kinda defeats the purpose of airplane mode, doesn't it?
| duckqlz wrote:
| Nope Bluetooth is ok during a flight.. from the FAA:
|
| > Passengers will eventually be able to read e-books, play games, and watch videos on their devices during all phases of flight, with very limited exceptions. Electronic items, books and magazines, must be held or put in the seat back pocket during the actual takeoff and landing roll. Cell phones should be in airplane mode or with cellular service disabled - i.e., no signal bars displayed--and cannot be used for voice communications based on FCC regulations that prohibit any airborne calls using cell phones. If your air carrier provides Wi-Fi service during flight, you may use those services. You can also continue to use short-range Bluetooth accessories, like wireless keyboards.
|
| https://www.faa.gov/news/press_releases/news_story.cfm?newsI...
| vorpalhex wrote:
| Airplane mode has two reasons. One reason is because at one point your cell radio risked doing unpleasant things to cellular ground stations, and another reason being that the FAA wanted you to pay attention to your safety demonstration.
|
| Bluetooth was allowed on planes quite some years ago.
| Carpetsmoker wrote:
| Another reason to turn on airplane mode - or at least disable mobile - is that your phone will keep searching for a network tower when it's out of reach, which will drain battery quite a bit faster.
| MichaelApproved wrote:
| I don't know about GS8+ but older devices don't let you turn Bluetooth on while in airplane mode.
| marcusjt wrote:
| I used to have an S2, S3, S4 and S6 before my S9 and (as far as I can recall) it's always been possible to turn Bluetooth on while in airplane mode.
|
| UPDATE: confirmed by later comments in https://androidforums.com/threads/turning-on-bluetooth-in-fl...
| BenjiWiebe wrote:
| Older device: 2013 Moto X, Android 5.1. Lets you turn on WiFi, Bluetooth, whatever, with airplane mode on.
| [deleted]
| numpad0 wrote:
| I can't cite it but wasn't there some requirement coming from the music industry back in the 2010s to remove all analog outputs from devices?
| metaphor wrote:
| When did the "music industry" start formally steering commercial audio PHY standards?
|
| Characteristic impedance alone is all over the map, Apple apparently couldn't align its 3.5mm jack pinout with the rest of the de facto industry, and form factor is just one of many inherent market differentiators.
| gruez wrote:
| Why? For DRM?
| numpad0 wrote:
| I remember it was called "the analog hole" that enables piracy, that was going to be closed by a future date, back somewhere between 2005-2015.
| 0xcde4c3db wrote:
| My fuzzy recollection is that the "analog hole" stuff was mostly pushed by Hollywood with respect to getting around encryption on DVD and streaming video (as opposed to music, where similar encryption schemes were foiled in the market by CD and MP3 already being good enough, if not outright superior to the "modern" formats), and that with the advent of HD content they eventually settled for analog outputs being limited to SD resolution.
| microcolonel wrote:
| Wait until they find out that audio can be reproduced with little or no generational loss, because there is always an analog signal (since that's the point of audio).
| chungus_khan wrote:
| The only way to truly stop piracy is obviously to disallow all devices from playing any audio at all.
| numpad0 wrote:
| Actually they've already found out that streaming and subscription slaughter piracy, unlike stringent regulations which promote illegal activities
| keymone wrote:
| I thought I'd be using the adapter but my Apple headphones that came with an iphone have been collecting dust for like two years now since I got AirPods. Not going back, couldn't care less about the headphone jack. Now I wish the charging port was gone too just to push the industry even further.
| protanopia wrote:
| Phones already support wireless charging. Why remove wired charging because you don't use it? It is harder to use a phone while it is on a wireless charger vs use a wired charger.
| dobleboble wrote:
| There are enough external peripherals (external microphones, HDMI output, etc.) that are useful that I hope they don't get rid of the lightning port for quite a while.
| TekMol wrote:
| That's heavy. There are tons of phones out there that will never be patched again.
|
| The situation on the phone market is so miserable.
|
| The industry forces us to throw away perfectly fine hardware after just 3 years or so.
| DangerousPie wrote:
| FWIW, the situation is significantly better in the Apple phone market.
| oauea wrote:
| Where can I buy a $200 apple phone? And how do I develop software for it without buying a $1000 macbook? Oh, and I have to pay $100/year for the privilege of being able to develop software for my own hardware, right?
| nxc18 wrote:
| Buy a $400 device and hold onto it for a few years. The android device needs to be replaced every 2 years and subjects you to misery for the last half of its life.
|
| The old iPhone is going to work as well as, if not better than, a new android device - Apple tends to be about 5 years ahead of Qualcomm in performance, and they actually service their devices. My mom is using my iPhone 6S from 2015 that feels about as snappy as my 2018 XR. And that feels snappier than a pixel 4.
|
| Very few people are software developers so the Mac req to develop is a non-issue.
| khill wrote:
| Not true - I replace my Android phones every 4-5 years.
| heavyset_go wrote:
| Don't forget that GPL software is banned from the App Store.
| robin_reala wrote:
| Slightly disingenuous: the GPL bans itself from the App Store because the App Store imposes additional restrictions on the software.
| 32gbsd wrote:
| this, hardware has become the ugly duckling to software.
| ChrisCinelli wrote:
| I agree with you that it is a shame that perfectly working hardware is left highly insecure after just 3 years (that is actually worse for some other manufacturers).
|
| The worst part is that people keep using the phones because they are not tech savvy or grossly underway the risk and they do not feel that they need to spend money on a new phone.
| loeg wrote:
| You can shorten 3 years to 1.5 for typical Android vendors (i.e., Samsung) and maybe extend it to 4 or 5 years for Apple. There is a marked difference in the two ecosystems' approach to support for older hardware.
| madez wrote:
| The solution is rather simple; buy devices with better documented and open internals rather than what's cheapest, shiniest, and most convenient. There are alternatives, and we all vote with our wallets.
| papermachete wrote:
| What are some 2018+ sub-$200 smartphones that run first-party LineageOS to no disadvantage over the stock ROM?
| scns wrote:
| Get a used Galaxy S5, should cost less than $100. Has an oled screen, so switching ui to dark mode saves battery. Has a headphone jack and removable battery. Runs Android 9 via LineageOS
| papermachete wrote:
| Thanks. Is that the original lineageOS or one of those "what works: you tell me ;)" ROMs?
| pmlnr wrote:
| There aren't any, unless you go second hand. LOS and nearly all custom ROMs are aiming at widespread, mostly high end devices, which is one of the big problems.
| myself248 wrote:
| I've learned this lesson.
|
| If I have $200 to spend on a phone, I will not buy a low-end 2019 $200 phone.
|
| I will buy a used (or new-old-stock) flagship that was $700 when it came out a few years ago, and is now $200 on the used market.
|
| The older flagship will have similar specs to today's low-end junk, but also all the enthusiast support, better accessory availability, and probably better build quality overall, because it was originally intended to be the highest of the high-end.
| steerablesafe wrote:
| Flagships have the most idiotic designs though, as far as I looked around. Low-end current year $200 phones often have removable batteries, headphone jack and dual sim support. Flagships typically have none of that.
| papermachete wrote:
| I mean if you can go so far as to install or build third party ROMs, it'd be an interesting weekend hobby to repair electronics yourself.
|
| I've saved hundreds of dollars of technology on trivial home repairs instead of buying replacements.
| smush wrote:
| $300 but that got me a Samsung Galaxy Note 9. Headphone jack and all.
| mavhc wrote:
| You'll also have to replace the battery though
| gruez wrote:
| I'm surprised nobody mentioned xiaomi phones yet.
| toast0 wrote:
| Do you want two OpenMoko phones sitting in my drawer? They're about as useful now as they were then.
| pixl97 wrote:
| Ah, yes, this is sure to work.
|
| _watches the plan fail yet again_
|
| This is like saying "we don't need regulations in meat packing, every individual can become educated in butchery cleanliness and track the supply chains for the products they buy and everything will be better!"
| madez wrote:
| We surely need regulation that demands at least delayed publication of firmware source and hardware documentation, I agree. The analogy to regulation in the food industry is enlightening.
|
| It's easier to achieve regulation when people care and show that they care. It seems to me, voting now with your wallet is one of the most direct ways to make a case.
| Normal_gaussian wrote:
| I don't think many people are talking directly to their officials about it. It certainly isn't something my local representatives talk about, and the political consultation groups some of my uni-friends now work in definitely don't have it on their radar.
| Mirioron wrote:
| How do I vote with my wallet though? The only alternative is an iPhone which fulfills a somewhat different role functionally.
| clarry wrote:
| Voting against the tyranny of the ignorant masses (or just people who also value convenience; or those who can't afford expensive) is a discarded vote. Your pennies are not going to change the world.
| madez wrote:
| Unlike in some political systems, in the market the winner doesn't take all, but rather all receive their votes. Even then, I don't understand the psychology underlying the concept "discarded vote". I vote for what I think is best. To me that is what votes are all about. Is the psychological desire to be part of the winning group responsible?
| clarry wrote:
| If you know you're voting for a niche candidate that cannot win, then that vote achieves nothing. It amounts to as much as not voting at all; voting, then, is an empty ritual, just a rain dance. Psychological desire has nothing to do with it, it's just hard facts.
| kortilla wrote:
| We're talking about voting with your wallet. The vendor you pick doesn't need to "win", it just needs to get enough to survive. This is why voting with your wallet is much more powerful than voting for winner-take-all representatives in a political system.
| madez wrote:
| Even in an archaic the-winner-takes-all vote, the result reveals important information besides determining the winner. That information can influence other voters, vote options, and the winner's behavior.
| taspeotis wrote:
| Or just buy Apple. The iPhone 5s was released in 2013 and got an update less than a fortnight ago (January 28).
| janekm wrote:
| To put that in perspective, as far as I've been able to determine Google provided security updates for the 2013 Nexus 5 until November 2018: https://arstechnica.com/gadgets/2018/03/google-ends-major-os... It's doubtful that any other Android vendor provided updates for longer...
| shpx wrote:
| Another data point: the first Google Pixel, released October 20, 2016, stopped getting security updates in October 2019 https://support.google.com/pixelphone/answer/4457705?hl=en
| kllrnohj wrote:
| It stopped being listed as having guaranteed updates but it already has gotten at least one more update since then. Per https://developers.google.com/android/images#sailfish there's been an update for the Pixel in December 2019.
|
| It is missing the Jan & Feb 2020 updates that the Pixel 2 received, but it's plausible the Pixel 1 could still get a patch for this critical issue.
| joshuaissac wrote:
| While it is not the same as manufacturer support, the latest version of LineageOS is officially supported on the Samsung Galaxy S4 (2013).
| myself248 wrote:
| S4 here too! The last great flagship, as far as I'm concerned. Removable battery (just ordered another!), headphone jack, microSD slot, USB OTG, HDMI/MHL out, glove-compatible touchscreen, and small enough to fit the hand.
|
| I'm gonna keep these things running as long as I can, because the prospect of replacing them with something a decade newer but inferior in every meaningful way is simply sad.
|
| LineageOS is the only reason I don't loathe the whole Android ecosystem, to be honest.
| ekianjo wrote:
| You still have to root your device to install LineageOS right?
| myself248 wrote:
| TBQH I've never been quite clear on what it means to root a device. I just run Heimdall and load the files they specify, plug the device in, and a few minutes later, it reboots into Lineage.
| joshuaissac wrote:
| To install LineageOS, it is enough to unlock the bootloader, which permits the installation of operating system images that have not been signed by the manufacturer (e.g. Samsung).
|
| Rooting permits applications to have more control over the device at runtime. Some devices require the bootloader to be unlocked to enable rooting, and others do not.
| ekianjo wrote:
| > any other Android vendor provided updates for longer...
|
| Nokia is the best though: https://www.counterpointresearch.com/nokia-leads-global-rank...
|
| they support even their very old phones to upgrade up to the latest version of Android.
| visualphoenix wrote:
| Did this iOS Bluetooth LE exploit ever get patched? https://github.com/hexway/apple_bleee/blob/master/README.md
|
| Less dangerous, for sure...
| ekianjo wrote:
| > Or just buy Apple
|
| And get locked in another walled garden? Erm... no thank you.
| Humdeee wrote:
| Meh, I prefer that over a gated patch of dirt
| rstupek wrote:
| gated landfill?
| eithed wrote:
| Can you make assurances that iPhone doesn't suffer from similar issues, given it's not an open source solution?
| lima wrote:
| There's tons of security researchers focusing on iOS and the lack of source code access is merely an inconvenience.
| prox wrote:
| There are a couple of alternative solutions, from convenient to effort needed:
|
| iOS ecosystem. Since Apple is a hardware manufacturer foremost, you notice from the start you aren't the product. Lots of apps, many of high quality.
|
| Librem/Pinephone : Linux phones. While the hardware is still closed source in certain parts, it's a step up from what we have now. Librem allows you to install any linux variant you choose.
|
| Zerophone : Build your own phone basically, very cheap to build ($50), and currently in development.
| objclxt wrote:
| Depends what you mean by "similar issues"
|
| If you mean "a bunch of relatively new Android phones not getting security updates because their manufacturer doesn't support them", then yes. Apple is actively providing not just security patches but entire feature software updates for the iPhone 6S, which is 4.5 years old at this point.
| eithed wrote:
| Yup, that's what I mean. While I do have an Android phone that is patched (Samsung), I understand that many people will be hmm... irritated that this vulnerability won't be fixed and requires them to upgrade. I'd not treat switching to the Apple ecosystem as a panacea to everything though and would be more for security through audit, not obscurity.
| why_only_15 wrote:
| Apple's security is heavily audited in a lot of ways. They give special phones to researchers that make it easier to audit them, and there are significant bug bounties.
| dana321 wrote:
| Only because their newer iphone SE is similar enough.
| blub wrote:
| The SE has a similar shape to the 5s, but the internals of a 6s, which is two generations newer than the 5s.
| ChuckNorris89 wrote:
| Buying an iPhone makes sense if you're already invested in the whole ecosystem (owning MacBook, iWatch, AirPods, etc.). If you're not part of the Apple ecosystem the experience is less polished when you need one apple device to play well with the rest of your non apple devices.
| tommit wrote:
| Full disclosure: I'm very locked in the Apple ecosystem.
| They do play amazingly well with one another, but I feel | like that's not at all their main selling point. | | You can appreciate the longevity and continued support of | an iPhone without having an Apple Watch. You can | appreciate a MacBook for its OS (pre Catalina anyway) and | build quality (I'm still running a 2014 model -- though I | have read about recent models' issues) without having an | iPhone to pair it with. To be fair, you cannot appreciate | an Apple Watch without an iPhone at all since it won't do | anything, and I'm on the fence about AirPods and how well | they do outside the Apple world. | | My point is, once you're in the ecosystem, you notice a | lot of little things that may make your life easier. Are | they great? Yeah absolutely. Are they what sells the | product? In my opinion, not at all. Unless it happens to | pinpoint your exact use case (I need to lock and unlock | my MacBook 30 times a day and I'm tired of having to | enter a password, I want my Apple Watch to unlock it), | it's the product itself that will most likely convince | you. The way they neatly play together at times is just | the cherry on top, like when you notice your computer and | phone now share a clipboard. That's awesome, but not a | single selling point for anyone. | | Now, I will be the first one to say: iTunes sucks. So, if | you do buy an iPhone, it makes sense IMO to shell out the | extra 99ct a month for iCloud storage. | davidy123 wrote: | While there are cheap computers that don't last well, | pretty much any computer at the price point of an Apple | computer will last at least five years, in fact they will | probably last several times that. Additionally, Thinkpads | for example have full user service manuals and often | support users repairing or upgrading parts such as RAM | and storage that explicitly maintains the warranty. 
| vel0city wrote: | FWIW, you don't need to be in the Apple ecosystem to have | features like having a secondary device auto-unlock your | laptop or desktop. Windows has supported a paired device | unlocking your user account for a while now, and it does | not have to be a manufacturer specific device. Logging in | with devices like Yubikeys is also a supported login | method. | rjmunro wrote: | Looks like I need a new phone because of this. Which phone | would you recommend so I don't make the same mistake again? | prox wrote: | Some options, from less effort to more effort: | | iOS ecosystem. Since Apple is a hardware manufacturer foremost, | you notice from the start you aren't the product. Lots of | apps, many of high quality. | | Librem/Pinephone : Linux phones. While the hardware is | still closed source in certain parts, it's a step up from | what we have now. Librem allows you to install any linux | variant you choose. | | Zerophone : Build your own phone basically, very cheap to | build ($50) , and currently in development. | djxyeush wrote: | If you don't expect to lose sleep over third party apps | (such as Tachiyomi for comic reading) then iphones are | spectacular. You won't have as much customization but the | experience overall really does explain why Apple is so | profitable. Otherwise, Samsung for MST payments. You'll | still want a wallet/clip, but there's been more than a few | times I forgot my wallet and MST saved me from a wasted | trip to the market. | amanaplanacanal wrote: | I switched from Android to iOS when my last phone | (samsung) stopped getting updates. I miss a couple | things: a good adblocker, and the Swype keyboard. I setup | a pi-hole at home to take care of ads when I am there, | but the iOS swype-equivalent keyboard is nowhere near as | good as the real Swype keyboard on android. 
| vesinisa wrote: | I can attest that my Pixel 3a received the February update | as soon as it was released directly from Google, and I have | been overall very happy with this phone. Pixel 3a is the | cheapest yet (IMHO) best Pixel phone on the market. It is | guaranteed to receive OTA updates and security fixes until | at least May 2022: | https://support.google.com/nexus/answer/4457705?hl=en | [deleted] | krn wrote: | I would only buy a device running Android One, because they | receive monthly security patches and new Android versions | for up to 3 years. | | The current options include all Nokia smartphones, Motorola | One line, and Xiaomi Mi A line. | | For the best hardware and 5G support, I would look at Nokia | 9.2 (Snapdragon 8--) and Nokia 8.2 (Snapdragon 7--) | releases this year. | | The best deal is to buy 6 months after the release, when | most Android devices become heavily (30-40%) discounted, | but are still quite new. | | I prefer Android over iOS because of the freedom to install | open-source OS-level ad-blockers, such as Blokada[1], which | greatly improve privacy and battery life. | | [1] https://blokada.org/ | zozbot234 wrote: | Note that "Xiaomi Mi A" devices are the only ones that | are similar to Android One. Most Xiaomi devices have a | custom UX and additional weirdness. (Among which is the | need to "sign up" online for bootloader unlock and wait | for a timeout period. They do this because resellers used | to ship bootloader-unlocked versions with "unofficial" | mods of sorts, often with customers being none-the-wiser. | Not an issue on the 'Mi A' line, for whatever reason.) | krn wrote: | > Most Xiaomi devices have a custom UX and additional | weirdness. | | That's true. Just like Samsung, Huawei, OnePlus, and any | other Android manufacturer except Nokia, Xiaomi maintains | its own Android ROM, called MIUI[1]. It's not as vanilla | as Android One, but at least it also receives monthly | security patches. 
| | > Among which is the need to "sign up" online for | bootloader unlock and wait for a timeout period. They do | this because resellers used to ship bootloader-unlocked | versions with "unofficial" mods of sorts, often with | customers being none-the-wiser. Not an issue on the 'Mi | A' line, for whatever reason. | | It's not an issue with Xiaomi Mi A line, because Xiaomi's | reputation is not affected as much if there is something | wrong with a smartphone that is not running its custom | ROM. | | Nokia has only recently started allowing to unlock the | bootloader of _some_ of the models, and has a similar | process[2]. | | [1] https://en.wikipedia.org/wiki/MIUI | | [2] https://www.nokia.com/phones/en_int/bootloader | mavhc wrote: | According to Nokia: Unlocking a device means you may lose | some of its functionalities, including - but not limit to | - telephone, radio, audio, video, payment, encryption and | DRM. | krn wrote: | As with probably all Android devices, unlocking the | bootloader breaks the SafetyNet[1]. | | And any custom Android ROM requires drivers to be able to | completely support the hardware of a particular device. | | [1] https://www.howtogeek.com/241012/safetynet-explained- | why-and... | zozbot234 wrote: | They're all using the same junk SoC's with zero documentation | and the crappiest possible level of "board" support anyway. | You're actually better off buying a device where that support | has been properly reverse-engineered/forward ported and is | included in the mainline kernel. (Lots of Allwinner boards | are "supported" in that way.) But it's ridiculous that we | have to do this. | | Also FWIW, the problem has zilch to do with "Android" per se | - pre-Android mobile Linux was _even worse_. It's embedded | platforms in general. | munificent wrote: | That would work better if mobile phones were anywhere in the | vicinity of an efficient market. It's not. 
| | * The barrier of entry is very high: You need a top-tier | manufacturing system and supply chain. An operating system. | An entire suite and market of applications. All of the apps | users expect and rely on (mail, navigation, Facebook, chat, | Instagram, etc.) must be supported. The hardware is only | profitable if you manufacture at very high scale. | | * Information asymmetry is very high. Users have almost no | insight into how secure one platform is versus another. In | fact, they have access to paradoxical information. The _most_ | secure platforms are the ones with the most transparent | security flaw handling, but those are also the ones that | _appear_ the least secure because the vulnerabilities are | more widely reported. | | * Products are nowhere near commoditized. A phone is a very | large constellation of hardware, operating system, and | software features. There is no apples to apples comparison | between phones. Maybe you like the camera on one but not the | screen on the other. One has better apps but the other a more | stable OS. | | This is not a market where consumer choice will effectively | drive solutions to diffuse problems. | kees99 wrote: | My understanding is that each android phone model is unique | and requires unique OS update (unlike, say, BIOS- or UEFI- | based x86 PCs, where exact same Windows/Linux/BSD/... image | can be installed on any of them). | | Having a "standard" OS interface for the phone, where there | is just one OS image for a given OS version, and that image | could be installed on any phone - now that would be the true | alternative, which I would be delighted to vote for with my | wallet. | jacquesm wrote: | > My understanding is that each android phone model is | unique | | Sure, but each PC is also 'unique' in that sense, in fact | I'd happily bet that there are more different kinds of | hardware combinations for PCs than there are android phone | models. And yet, that never was a problem. 
| zozbot234 wrote: | Plug-and-Play and then ACPI have been used to get around | this. Hardware discovery just doesn't seem to be a thing | on these embedded SoC platforms, and even the hardware | support itself (drivers, etc.) is extremely sub-par if | you expect to run the ordinary, mainline kernel. | jacquesm wrote: | Even before hardware discovery and plug-and-play you could | do this by simply specifying what hardware you had or by | 'probing' the hardware for presence of certain | characteristics (this wasn't always fool proof). The | hardest parts were when interrupts were still selected | with jumpers rather than automatically enumerated. | kees99 wrote: | 8086 has 256 IO addresses, and hardware of that era had | fairly simple initialization, so completely naive way to | find peripheral X was to 'probe' each and every possible | IO address with something like: for i in range(256): poke(i, magic1); if peek(i) == magic2: found! | | 256 probes in all is not that bad, and real-world probing | would only try a handful of commonly used addresses, | making it even faster. | | Phone SoCs on the other hand have many peripherals | memory-mapped, (meaning there are millions/billions | addresses to 'probe'), plus there are things like power | sequencing, GPIO enable lines that need to be asserted, | and clock-sources configured before peripheral would even | respond at all. Oh, and that GPIO, or power controller, | or clock source themselves might be accessible via an i2c | chip speaking its own protocol, so you need to initialize | those first, etc, etc. | | All of this complexity could be described via linux | "devicetree" subsystem, and devicetrees are in a usable | state for some hardware (although DT itself is often a | labyrinth to navigate). Thing is - factory software for | most phones has been extremely slow to adopt DT, and | even some that do use DT, don't do it in a particularly | portable way. 
| cesarb wrote: | However, every PC descends from the original IBM 5150 | from the 1980s, which gives the PC a common base which | phones never had. | zozbot234 wrote: | > Having a "standard" OS interface for the phone, where | there is just one OS image for a given OS version, and that | image could be installed on any phone | | Project Treble is working towards this, in a way. But it's | a huge hack that's still dependent on lots of weird AOSP- | specific stuff, and doesn't even give you a "single" OS | image for every device - the "proper" image for your device | varies by baseline AOSP support (7, 8, 9, 10), "A" vs. | "A+B" boot and of course 32-bit vs. 64-bit architecture. | Nowhere near "UEFI-based PC" territory. | yjftsjthsd-h wrote: | Eh... remember 32-bit UEFI? It might be smaller, but | there is still room for weirdness. | nicolaslem wrote: | This is why my next phone will be a Librem 5. I know that it | will probably suck but at least it's moving things in the | right direction. | madez wrote: | I'm in the same boat. If it moves things in the right | direction, then it doesn't suck. | prox wrote: | Indeed! I usually get "but it's still a closed source | modem" as a counterpoint ... sigh | squarefoot wrote: | The closed source modem, or network firmware for that | matter, isn't much of a problem if it can't see clear | data and/or access to system memory or execute | instructions. I'd see it more of a black box not unlike | old RS232 connected modems: they could see all data going | back and forth, but encrypting that data would be enough | since they could never access the system memory to see | the data before encryption or after decryption. Librem 5 | and Pinephone should work along these lines. 
Having | everything 100% open would be better, but in this case | being closed doesn't create security concerns since all | personal data is unavailable to these subsystems; only | the main system, which is entirely open and where the | user is king, can access them. | ekianjo wrote: | > my next phone will be a Librem 5. | | Better go with a Pinephone if everything that's been | written about Librem as a company is even half-true. | tremon wrote: | > There are alternatives | | Can you name one smartphone device with open internals? I'd | love to buy one, but I don't think they exist. From | Replicant's recommendations [1]: | | _If compromising on privacy /security is not an option, or | anything serious is at stake (e.g. political activism or | journalism in a sensitive area), it is advised to avoid using | a telephony-enabled device at all._ | | My impression from the smartphone market is that phone | platforms have become less open, not more, over the last ten | years. The PinePhone isn't generally available yet, and the | Librem 5 current iterations don't have working audio calls. | | [1] https://www.replicant.us/freedom-privacy-security- | issues.php... | madez wrote: | Openness isn't binary. One significant step is support for | the mainline Linux kernel. Another significant step is free | information about the hardware on a high-level, such as PCB | schematics and documentation about the used chips. Here are | some projects that I'm aware of: | | Mainline Linux: | | https://pocket.popcorncomputer.com/ | | https://necunos.com/shop/ | | Mainline Linux + high-level hardware documentation: | | https://puri.sm/products/librem-5/ | | https://www.pine64.org/pinephone/ | kop316 wrote: | I hope you realize that with the exception of freescale, | there are no phone and tablet devices where the vendor | actually cooperate and does that. 
Many of the devices that | are documented are because of the open source community that | actually bother to dig in and do this (without any vendor | support). | | That means there is no Android or Apple device on the market | today that accomplishes what you say. | | The only phones that are out there that can do that are the | Pinephone and Librem 5. I have beta devices of both, and | while I am extremely excited to see them mature and turn into | daily drivers, the fact is neither can actually be a daily | driver today. | silenussays wrote: | But unlike Apple's closed source walled garden ecosystem, | Android is open source! That means you can patch it yourself! | Right guys? | rjmunro wrote: | In the UK I always wonder if it's possible to bring a claim | under Part 1 Chapter 2 of the Consumer Rights Act 2015. The | goods must be 'satisfactory'. Remote code execution over | bluetooth is not satisfactory, even if it only became apparent | 3 years later. | | https://www.moneysavingexpert.com/shopping/consumer-rights-r... | 867-5309 wrote: | a legal battle with a phone manufacturer will cost much more | than the phone itself. 99% of retailers will say it's nothing | to do with them, take it up with the manufacturer. phones are | relatively cheap and transient commodities compared to | something like houses, where "consumer rights" might actually | mean something | jacquesm wrote: | If consumer rights don't mean anything for > $500 devices | then there might as well be no consumer rights. | rjmunro wrote: | > a legal battle with a phone manufacturer will cost much | more than the phone itself | | You'd only need to do it once to set a precedent, and | everyone can get their phones fixed or replaced. The | problem is that the law applies to the retailer, not to the | manufacturer. 
As I didn't buy my phone direct, I'd have to | get the retailer to replace it, and as I went to a high | street retailer who is suffering from competition from | Amazon etc, and closing branches, it feels bad to give the | problem to them. | | If I'd bought the phone from the manufacturer direct, from | Amazon, or from a phone network, I'd gladly go ahead with | the action because those retailers would have enough clout | that the manufacturer would care about losing their | business. | fulafel wrote: | Would the dispute be with the manufacturer or whoever sold | the phone to you? | davidgerard wrote: | Whoever sold you the phone. Your contract is with the | trader. | Someone wrote: | They will say that and will often get away with it, but in | the EU, that doesn't fly. https://europa.eu/youreurope/citi | zens/consumers/shopping/gua...: | | _"Under EU rules, a trader must repair, replace, reduce | the price or give you a refund if goods you bought turn out | to be faulty or do not look or work as advertised."_ | | So, the manufacturer, in the EU, never has anything to do | with the consumer, legally. | | I think a trader could successfully argue they didn't | advertise the device as secure, that the user didn't suffer | from it or, for devices that are out of warranty, that they | don't need to correct this issue anymore. Claiming that it | wasn't 'faulty' could be harder, but I'm sure they would | try. If a vulnerability isn't known, is it a fault? Depends | on whether its cause was generally known, I would think. | dageshi wrote: | Unless I'm missing something, it's only for 2 years after | purchase? | | "The legal guarantee covers any defects presumed to have | existed at the time of delivery and which become apparent | within a period of two years. However, the crucial period | is the 6 months after you bought your product:" | | https://europa.eu/youreurope/citizens/consumers/shopping/ | gua... 
| | So I'm assuming the bulk of older phones would no longer | be covered? | eitland wrote: | Here in Norway I think it is, but be prepared to argue | for it. | michaelhoffman wrote: | In the UK it is really easy and inexpensive to file a small | claim, and there are limits to how much cases on the small | claims track can cost you. | | https://www.gov.uk/make-money-claim | | I've done it myself and got paid by an intransigent phone | retailer relatively promptly after that point. My lawsuit | was about a contractual dispute rather than faulty goods | though. | lowdose wrote: | Didn't you hear of those people returning their VW diesel | back to the dealer because of a claim under Part 1 Chapter 2 | of the Consumer Right Act 2015? | tremon wrote: | I didn't, but it sounds intriguing, what was the outcome of | that? | lowdose wrote: | Biggest forced manufacturing recall ever recorded in | history. VW Group barely hangs on in Chapter 11 because | the people for once decided not to accept scapegoating | some figureheads in a limited hangout. | swamp40 wrote: | Yes, put them out of business. That will teach them. | Lammy wrote: | It will teach others. No need for the sarcasm. | ddeck wrote: | _> VW Group barely hangs on in Chapter 11_ | | Not sure what you're referring to. Chapter 11 is a form | of reorganization in bankruptcy in US law. | | Volkswagen AG (i.e. the VW Group) is an EUR85 billion | German company that - despite the massive fines and | recall - has been consistently profitable, with a small | loss in 2015 due to the aforementioned issue and earned | ~EUR12 billion in net profit last year. | gruez wrote: | Was it really because of the Consumer Right Act? Part of | VW's settlement with regulators was that they had to buy | back a large majority (I don't recall the exact number) of | the defective cars. | verbify wrote: | I'm in the UK, and bought an original Pixel directly from | Google. 
The bluetooth daemon would just crash for me rather | than being exploitable. I just don't think I have a case - | phone manufacturers don't promise security updates in | perpetuity. I don't think it passes the test of a reasonable | person being dissatisfied. | flir wrote: | I'd be thinking "fit for purpose" rather than "satisfactory". | Minor quibble though. | shadowgovt wrote: | > The industry forces us to throw away perfectly fine hardware | after just 3 years or so. | | Possibly because of things like this; when a vulnerability | isn't going to get patched, churn (with new hardware running | newest OS) protects the ecosystem against mass-compromise. | | We can bemoan the lack of patches, but who's paying for the | patches? | dspillett wrote: | At least there is the mitigation that it isn't exploitable | unless the device is scanning for new devices to pair with, at | least by my reading of the reports I've seen. | | Phones are not usually in that state unless the BT settings | screen is open. Otherwise it would drain excess battery in | normal use. | mtgx wrote: | > The industry forces us to throw away perfectly fine hardware | after just 3 years or so. | | And even if you don't care about software or security updates, | it's still true in the sense that most don't have replaceable | batteries now, and they tend to use batteries that start to die | out after about 2 years. | | They do this on purpose, but it's quite difficult to prove they | were doing it as "planned obsolescence". This is why I'd fully | support laws that make it illegal to make battery-powered | devices that can't have their batteries easily replaced _by the | consumer_ (not the iFixit guys). | kop316 wrote: | Yep. Even Google's own devices that are not supported anymore | will permanently be vulnerable to this: | | https://developers.google.com/android/images | | I have a Pixel C that will never have an official patch to this | exploit. 
I wonder if this is a user space exploit too, and if | so, that would mean there's no technical reason for why they | can't update it. | zozbot234 wrote: | I'm pretty sure that Pixel C (dragon) is in the PostmarketOS | wishlist - you might want to get involved! It does already | have LineageOS support. | kop316 wrote: | Yep it does, I have it on Lineage. However Lineage cannot | update the Kernel (due to no vendor support), it's stuck on | 3.10. | | I'll take a look at Postmarket, I didn't know they were | working on it. My issue is that I use the tablet primarily | as my music workstation, and there are several apps I use | that depend on Google Play. | | I do have a Pinephone, and I would honestly prefer to use | my time to get a matured OS for that. | | EDIT: I looked around on PostmarketOS, I did not see | anything for the Pixel C? I just saw an external resource | on how to boot Linux onto the Pixel C | neilsimp1 wrote: | My current phone (Samsung Note 5) is too old to receive updates | and I'm still on Android 7. I hardly use Bluetooth but I'm | still a little upset. | ChrisCinelli wrote: | > That's heavy | | Almost every month there are security patches for "critical" | problems. Just skim through the blog pages. This is Jan 2020 | for example: | https://source.android.com/security/bulletin/2020-01-01 | | Consider this: if I remember correctly somebody on HN was | saying that in these days the _average_ time from releasing a | patch and exploit found in the wild is _4_ days. | | Consider that the patches hit the open source code a lot before | they are deployed. | | Consider that beside Google, any other Android phone | manufacturer takes around a month before releasing the patches | even on current models. | | The situation has no easy solutions. | arendtio wrote: | > Consider that beside Google, any other Android phone | manufacturer take around a month before releasing the patches | even on current models. | | Still the biggest problem. 
For my PC I can install updates on | a daily basis. For my smartphone, I can be happy if there are | any updates at all. | ChrisCinelli wrote: | If your OS is open sourced, the question is: how long does | it take from the time the patch is discussed in open places | (ex: mailing list or bug trackers for patch approval) and | when the patch is deployed? | butz wrote: | Great, because of limited Android updates I have to get a new | phone. | mavhc wrote: | Why haven't most of the billions of Android phones been hacked | already? Most never get updates and seems like there's 100 ways | to hack them. | wmeredith wrote: | The same reason that a billion minnows swimming together is | safer than 5. There are a billion targets and very few of them | are worth hacking. | anotheryou wrote: | I think phones are also relatively hardened so the attack | surfaces are not super convenient. | | Bluetooth: get in reach of an attacker (and from another | comment: have your device searching for bluetooth devices) | | Web-stuff: if a patched browser doesn't help you are still | relatively safe browsing all the non-infecting websites in the | world. | | file-stuff: you have to be stupid enough to open files, on your | phone, from phishy mails (unless you are targeted they are | always suspiciously generic, even when spreading from a hacked | acquaintance ) | | I guess if there was a vulnerability where you could remotely | gain full control over a phone without any action on the phone | side you'd indeed have phone botnets. Looks like there are no | such vulnerabilities. | | Take what I write with a grain of salt, I'm actually just a | noob trying to make sense of this, too. | markhenrry wrote: | https://www.printerrepairnearme.com/troubleshooting/fix-hp-p... | m1r3k wrote: | My OnePlus 3 phone just got its last security patch and is now | out of support from the manufacturer. | | I use bluetooth constantly for my smartwatch and headphones. 
| | I think it's time for custom firmware just because of this. | Goodbye banking apps and Google Pay, because apparently a newer | but unofficial OS is more insecure [1]. | | [1] https://developer.android.com/training/safetynet | guimoz wrote: | You can usually still pass safetynet with latest magisk, even | on custom Roms. Go check the xda forums and you might find | that. | m1r3k wrote: | I know there are means to defeat safetynet but honestly I was | glad not to tweak my phones anymore and happy without a | rooted firmware. | | I remember the times of endless tweaking and patching after | some Google Play services update a few years ago. | zozbot234 wrote: | > You can usually still pass safetynet with latest magisk, | even on custom Roms. | | It's unreliable by definition. You're better off keeping a | device around with the stock OS on it, that you only use for | SafetyNet-required stuff. | Brave-Steak wrote: | > Keep your device non-discoverable. Most are only discoverable | if you enter the Bluetooth scanning menu. Nevertheless, some | older phones might be discoverable permanently. | | Does this mean your MAC address isn't visible while on, non- | discoverable and connected to a BT device? | cpncrunch wrote: | Is there a way to make it non-discoverable? I don't see that | option on my Nexus 6P running 8.1. You can just turn bluetooth | on or off. | | Or is it just discoverable when you click "pair new device"? | SwaraLink wrote: | I suspect that in this case the phone is using Bluetooth Low | energy "passive scanning". This means that the phone is | listening for advertising devices (eg beacons) but never | actually transmitting Bluetooth packets and therefore never | actually exposing its Bluetooth address over the air. | baybal2 wrote: | Actually Android keeps bluetooth on even when UI says off for | Google to radiolocate your position. | mavhc wrote: | I thought that was WiFi | rjmunro wrote: | Are you sure? 
I know they keep some WiFi on, but I didn't | think there was much location value in bluetooth signals | because most bluetooth devices people use are portable | (headphones, cars, etc.) | baybal2 wrote: | Actually yes, I did investigate that. Can post a | screenshot. | whatisthiseven wrote: | Did you also disable that setting under the "location" | submenu, which explicitly says it works even if bluetooth | is off? | | Not that this is good design, mind you, but if you turned | both settings off and still see BT activity, then that is | much different. | baybal2 wrote: | If you do that, it will disable it. Yes, it's a well | hidden option deep in the menu. | gruez wrote: | That can be turned off. | magicalhippo wrote: | > For some devices, the Bluetooth MAC address can be deduced from | the WiFi MAC address. | | Which ones would that be? Anyone know? | aedron wrote: | So some questions: | | > with the privileges of the Bluetooth daemon | | Which privileges are those? Can it access user data? Snoop on | input/output? | | > For some devices, the Bluetooth MAC address can be deduced from | the WiFi MAC address | | So if wifi is off, I'm safe? | | I have bluetooth on all the time, because it automatically pairs | with my car for cellular and audio, and turning it on and off | would be a hassle. I rarely, however, use wifi unless I have to | download a very big amount of data, which is almost never. | e12e wrote: | > Which privileges are those? Can it access user data? Snoop on | input/output? | | This is somewhat addressed in a comment/reply by jorge: | | https://insinuator.net/2020/02/critical-bluetooth-vulnerabil... | | > Hi, the Bluetooth daemon is a process on the Android system | that runs in the background (daemon) that is responsible for | managing the Bluetooth controller and handling of various | Bluetooth related protocols, such as HCI, L2CAP and GATT. As it | has to process attacker-controlled input it is susceptible to | attacks.
In addition, it has to run with high privileges (not | as 'root' like on Linux) to support features like: - file | transfer => read files - share Internet connection => configure | network and VPN - Human Interaction Devices => emulate keyboard | and mouse | oauea wrote: | > So if wifi is off, I'm safe? | | No, the connection packets can still be sniffed from the air | once your device connects to your car. Then the attacker knows | your mac address and can initiate the exploit. | gaius_baltar wrote: | I'm now wondering if I can use this to root my phone. | billpg wrote: | "We could roll out the patches, or we could make all our | customers buy new phones!" | | Stagefright again. | est31 wrote: | Judging by the three commits added by the android-9.0.0_r53 tag | in the platform/system/bt android subcomponent, the vulns seem to | be UAF + OOB write. All vulnerabilities thus belong into the | class of vulnerabilities that safe Rust eliminates. | | https://android.googlesource.com/platform/system/bt/+/1d788d... | | https://android.googlesource.com/platform/system/bt/+/c20f24... | | https://android.googlesource.com/platform/system/bt/+/abc302... | ATsch wrote: | I think it's extremely silly that every time buffer length | vulnerabilities get discovered, people start immediately | jumping how rewriting everything in rust would have stopped it. | | Yes, that's not wrong, but a sane (ptr, len) "slice"/"buffer" | type would have prevented this in any language, not just rust. | These things happen not because C and C++ lack sophisticated | ownership semantics, but because without such a type, passing a | pointer and hoping the buffer is always big enough is just | easier than doing the right thing. | | If this was something funky like a cross-thread race-condition | dangling-pointer double-free, you'd have a great point. Only | Rust's unique safety model can prevent that. 
But with things | like this, as much as I love Rust and its community, I | sometimes feel like many rust fans are much more interested in | being smug than making real-world progress towards safer | software today. | tene wrote: | The point is that the sane, correct choice is also the easy, | default choice in Rust. We've been able to implement | (ptr,len) buffer types in C for as long as we've had C, but | uint8_t* is both baked into many APIs, and the path of least | resistance. | | We've spent decades pushing the limits of security | improvements we can get through asking people to please try | harder and do better with C, but we still see a high rate of | high-impact errors like this. | | Rust's safety model isn't the only valuable thing about Rust. | Another big valuable part of Rust is that instead of giving | the programmer a box of unsafe tools and a post-it reminding | them to be careful, Rust provides sane, safe default tools | that have been built based on what we've learned from the | past several decades. | | The argument isn't "Only Rust can save you", but that Rust is | a good choice that both meets the same performance | requirements, and avoids these problems by default. | | If you've got a better solution to persuade C and C++ | developers to consistently and reliably always wrap their use | of pointers from other APIs into (ptr,len) buffer types, I'd | love to hear it! | | With comments like this, I sometimes feel like many | developers are much more interested in smugly dismissing a | group that's made significant real-world progress in making | it easy to do the right thing than they are in actually | helping real developers to reliably make safer software | today. | Varriount wrote: | Or Java, or Go, or one of the other 10 or so languages that | have bounds checking. | dmitrygr wrote: | Android accepts contributions and your complete rust rewrite of | bluedroid would be most welcome | userbinator wrote: | It's an 8-bit counter...
just allocate a fixed 256 entries and | be done with it. That reads like code written by people without | any embedded/low-level experience. | | Keeping code simple and without unnecessary abstraction is a | far more valuable skill than $safe-language-trend-of-the-day. | e12e wrote: | I appreciate this comment, because it demonstrates a solid | approach to simplify the code. | | That said, regarding: | | > safe-language-trend-of-the-day. | | I agree that rust advocacy can sometimes be a bit misguided | and over-enthusiastic - however how often is an out of bounds | write _not_ a bug (or a too clever by far hack)? | | We've had pretty efficient ways to deal with this in c like | languages for a long time (eg Pascal, Ada). | | (c-like in the sense of being relatively low-overhead, close | to the hardware wrt memory layout etc). | bitwize wrote: | People who know how to do that are expensive, and they still | make mistakes. Rust enables junior-level JavaScript | programmers to write kernel/bare-metal level code without | fear of making these kinds of errors. If you've spent a | career programming in C and you're complaining about Rust, | you're right. Rust isn't for you, it's for your replacement. | AnthonyMouse wrote: | > People who know how to do that are expensive | | Good programmers are expensive. The notion that better | tools are going to change that is naive. | | Rust is good. Use it for things. But the idea that it can | let people who don't know what they're doing write secure | code is dangerous. For example, what does Rust do about | Spectre? Does your junior-level JavaScript programmer know | how to address that? What about other timing attacks, or | knowing which crypto to use in which context? | | People still have to know what they're doing. | 0xdead wrote: | If by "write kernel/bare-metal level code" you mean | blinking an LED, sure. Writing low level doesn't have to do | anything with C or any language for that matter. 
It | requires a deep understanding of the architecture that | you're writing code for. Junior JS devs don't have enough | experience or the skills to do that. | rafaelvasco wrote: | "Junior-level JavaScript programmers" "kernel/bare-metal | level code" | | Can't see how that can be. Only a small minority of | programmers can code low level systems. Only those that | truly enjoy it, go through the pains necessary to have | adequate grasp of it. | leshow wrote: | > Rust enables junior-level JavaScript programmers to write | kernel/bare-metal level code without fear of making these | kinds of errors | | I've used Rust for a while, and this isn't really true. At | the lowest level you still have to build good abstractions | with judicious use of `unsafe`. It also comes across as | incredibly hostile, you're not doing Rust any favors with | this. | blub wrote: | "Rust enables junior-level JavaScript programmers to write | kernel/bare-metal level code without fear of making these | kinds of errors. If you've spent a career programming in C | and you're complaining about Rust, you're right. Rust isn't | for you, it's for your replacement." | | That's a pretty silly thing to say. | | Writing code that doesn't crash isn't the hardest thing | about writing low-level code. Sure, it's a problem, even an | important problem, but there's a ton of other knowledge | that no JS developer would have. Unless by "write" you mean | write 2 lines per day with lots of searching in-between | that has to be thrown away in the end. | dpc_pw wrote: | The way I see it: With C/C++, you have to have a | team of 5 senior devs, and they have to cross-check each | other work all the time. With Rust, you could have 1 | senior Rust dev, and 4 junior devs, and they would arrive | in a better place anyway, just by the virtue of compiler | doing 90% of the boring checks and tutoring.
| blub wrote: | You can't build a quality project only with juniors | supervised by a senior no matter what technology you use. | This is such a common programming fallacy, it's | surprising to see it here. | miohtama wrote: | But at least with Rust it won't have out of bounds and | use after free bugs even if being crap otherwise. | reyqn wrote: | It's a valuable skill for sure, but there apparently isn't | enough people with this skill on the market, which is why | $safe-language-trend-of-the-day is being developed and gains | momentum. | bluejekyll wrote: | How long must a language be around and prove its staying | power before people will stop brushing it aside with the | "$safe-language-trend-of-the-day" quip? 1 year? 2 years? 5 | years? 50? | | How many people must use it? 1k? 10k? 100k? | | It's pointless to argue with someone who throws Rust into | that category at this point because it means nothing. It's | a slight to allow them to feel ok, that eventually this | language too will pass, and so it will be ignored. | zamalek wrote: | > there apparently isn't enough people with this skill on | the market | | Judging by the number of memory vulnerabilities found each | year in mainstream operating systems (which are developed | by some of the best programmers around), there aren't any | people on the market with this skill. This is very likely | because all programmers are human beings. | | Manually managing memory isn't difficult, it has been | proven to be practically impossible. I wouldn't care if it | were Linus claiming otherwise, it's ignoring incredible | amounts of evidence to the contrary and is much like a | flat-earther. | atoav wrote: | As someone who both writes C and Rust I don't think the two | contradict each other. Rust is very nice to write stable, | fast and well tested libraries in that can interface with C | code in. | | Learning Rust and with its concepts improved my C code.
Even | if Rust would vanish overnight I wouldn't regret learning | it. | est31 wrote: | > It's an 8-bit counter... just allocate a fixed 256 entries | and be done with it. That reads like code written by people | without any embedded/low-level experience. | | I guess you are talking about the first commit I linked. The | problem here seems to be that some events of the kind | HCI_READ_RMT_EXT_FEATURES_COMP_EVT can be shorter than the | assumed 13 bytes. The code contains no check for that and if | the events are shorter, it would read data from after the | allocation. It would use that data to index inside arrays, | etc. | | Now, if you just _allocate_ a buffer of 256 entries but don't | do anything else, it wouldn't read data from outside the | allocation, yes, but it would still read uninitialized data, | as nothing would be written after the end of the valid data. | That uninitialized data could e.g. come from previous freed | allocations. This would hardly be an improvement. You'd have | to _allocate_ and _zero-initialize_ it, and then you'd still | have the problem whether zero is invalid data or part of the | allocation... Even if code would figure that out, it would be | extremely smelly code and I'd never merge it in any projects | I maintain. | | The approach done by the patch to just check the length is | much much better. The length is sent as part of the event. | | > Keeping code simple and without unnecessary abstraction is | a far more valuable skill than $safe-language-trend-of-the- | day. | | This code almost directly maps to the bluetooth host | controller interface which is part of the published Bluetooth | standard. So you can't change the core concepts of it. There | are a few abstraction layers which copy the data for some | reason from a new/delete managed hidl_vec to a malloc/free | managed array (check hciEventReceived function in | hci/src/hci_layer_android.cc). Yes, I'd say that some of | those layers are indeed unnecessary.
But those abstraction | layers are not where the vulnerability occurs. It occurs in | the code that parses the message, and the bug is that the | code does not check the length of the input data. This is a | classic bug that can occur in C/C++ codebases. | | Safe Rust prevents OOB writes/reads by performing bounds | checks when you index into a slice. | | The issue with languages like C is that verifying that code | is safe is extremely hard, even harder than writing it in the | first place. This codebase seems to have not been written by | Google but by Broadcom, so Google would have to verify | whether what Broadcom wrote is actually safe. With Rust, such | verification is easy. If your code makes little use of | unsafe, and most code doesn't actually have to, it's easy to | verify its safety (at least for the classes of bugs that Rust | eliminates). Due to the strong typing, other types of bugs | are made harder to write as well. | haggy wrote: | This is not a constructive comment. Saying an entire OS "would | have been safer on this language" is just trolling. Comment | should be reported IMO. | pjc50 wrote: | The entire _raison d'etre_ of Rust is that it can be safer | in exactly these cases where C or C++ is unsafe, and aims | towards their eventual replacement. | | This will take a couple of decades, but it's a worthwhile | effort. | zymhan wrote: | Sure but until someone demonstrates at least a basic PoC | using Rust to replace some Android C code, suggesting that | it can is just speculation at best. | zamalek wrote: | Google has: https://en.wikipedia.org/wiki/Google_Fuchsia | zymhan wrote: | I'm certain that you cannot simply drop-replace an | Android OS component with a Fuchsia component. | | My point is, of course Rust is a memory safe language, | and of course it would theoretically prevent overflow | exploits, but throwing in "you should've used Rust" when | this news is announced isn't helping anything.
I am | certain that Android devs are at least aware of Rust and | its benefits. | est31 wrote: | > I am certain that Android devs are at least aware of | Rust and its benefits. | | There is still not a single Android ROM component that's | written in Rust. Cuttlefish uses crosvm which is Rust | based, but it's a VM for Android testing rather than a | ROM component. So they aren't even ready yet to | experiment with shipping small components in Rust. Same | goes for Chrome btw, it currently has a "no Rust allowed" | policy, which is IMO very sad. | | So yeah I think it's worthwhile to talk about why AOSP | doesn't have Rust components yet, especially as patching | is sadly not available (yet) for most deployed devices. | Large fleets of devices will have the bug for eternity. | Therefore, prevention of vulnerabilities becomes even | more important, which Rust helps doing. Your program | won't be free of them, but as I pointed out above, these | bluetooth vulns fall into the class that safe Rust | eliminates. | eeZah7Ux wrote: | ...especially when the large majority of HN readers are | already aware of rust "thanks" to the rust evangelism | strikeforce. | dx87 wrote: | A day or two ago there was an embedded software developer | here claiming that low-level C developers "know what | they're doing", so any languages with built-in safety | features impose unnecessary safety restrictions, and that | since any software can have bugs, there is no reason to use | anything but C. Once that kind of stubborn attitude dies | out, maybe we'll stop seeing people leave comments saying | "This could have been prevented if they had used language | X". | fulafel wrote: | This is userspace code, it's a legit point to criticise use | of a memory-unsafe language here. It's 2020 after all, 24 | years after "Smashing the stack for fun and profit" and 24 | years into the golden age of C exploits while safer practical | systems languages have existed.
And also a legit point to | promote Rust, even if it's a little too new for this | codebase. | chungus_khan wrote: | The transition in perception of UNIX and C from being | buggy, inconsistent, foot-gun-laden corporate messes to | being treated like the immutable ancient ways has certainly | been a trip. | sadfklsjlkjwt wrote: | Isn't that because OSes based on Linux don't share a | single LOC with commercial Unices? | est31 wrote: | I've said nowhere that all of Android should be written in | Rust. I've only said that had _this specific component_ been | written in Rust, the issues wouldn't have shown up. Of | course the code base is old and predates Rust. | | But I think this vulnerability serves as an important lesson | about which language to choose for _new_ projects in the | embedded area. Thus I'm very glad that Google uses Rust for | its new OpenSK security key firmware. I hope that future | versions of Android will adopt Rust, at least in newly | written components. Some Google developed Android related | projects are already using Rust, like Cuttlefish which uses | crosvm. | SQueeeeeL wrote: | I mean, they did link to a bunch of source code spots... so | it's not completely unconstructive. | efficax wrote: | Just in general, you can never take for granted the length of | the data you're referencing via a pointer unless you absolutely | control the whole input path and it's amazing to see that | happening in code written at this level | 2T1Qka0rEiPr wrote: | > Keep in mind that most Bluetooth enabled headphones also | support wired analog audio. | | Is this true? | lathiat wrote: | I would say the reverse is true. There is absolutely a subset | that support this but I doubt most is close. | lima wrote: | Actual headphones, yes - many of them have an analog jack. | | But I haven't ever seen a bluetooth headset that support analog | audio. | zeisss wrote: | My Bose QuietComfort 35 has a cable and jack for analog | audio.
It is quite common among Germans, afaict. | rahuldottech wrote: | Those are headphones. I think OP was talking about wireless | earphones. | Munksgaard wrote: | My Jabra Elite 85h has jack in addition to bluetooth. | rahuldottech wrote: | Again, those are headphones. OP was talking about | earphones, I think. | tushar-r wrote: | Headphones, yep. Earphones? Mostly no. ___________________________________________________________________ (page generated 2020-02-07 23:00 UTC)
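Editor's added example (not code from the insinuator.net post, from AOSP/bluedroid, or from any commenter in the thread): est31 describes the first patched bug as an HCI_READ_RMT_EXT_FEATURES_COMP_EVT event that can arrive shorter than the 13 parameter bytes the parser assumes, with no length check, so the parser reads past the event and uses those bytes as array indices; ATsch and tene argue that a (ptr,len) buffer type would have prevented it in C. The C below puts both side by side: a parser in the vulnerable style that ignores the parameter-length byte, and a fixed parser built on a small bounded-reader type that checks every read, plus a consumer that bounds-checks the page number again before indexing. The 13-byte field layout (status, handle, page, max page, 8 feature bytes) follows the Bluetooth Core spec's definition of that event; everything else is an assumption of this example: HCI_EXT_FEATURES_PAGES, the simplified STREAM_TO_*-style reads, both event byte strings (constructed), and the 0xAA filler that stands in for stale heap bytes after a short allocation. It does not reproduce the AOSP code or its patch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* HCI_READ_RMT_EXT_FEATURES_COMP_EVT (event code 0x23) parameters per the Bluetooth
 * Core spec: status(1) handle(2, LE) page(1) max_page(1) features(8) = 13 bytes. */
#define HCI_EVT_READ_RMT_EXT_FEATURES_COMP 0x23
#define HCI_EXT_FEATURES_PARAM_LEN 13
#define HCI_EXT_FEATURES_PAGES 3 /* pages kept per remote device; an assumption of this example */

typedef struct { uint8_t status; uint16_t handle; uint8_t page, max_page, features[8]; } ext_features_t;

/* Vulnerable pattern: evt[1] (the parameter length) is ignored and all 13 bytes are assumed present. */
static void parse_unchecked(const uint8_t *evt, ext_features_t *out) {
    const uint8_t *p = evt + 2;                      /* skip event code and length */
    out->status = *p++;
    out->handle = (uint16_t)(p[0] | (p[1] << 8)); p += 2;
    out->page = *p++; out->max_page = *p++;
    memcpy(out->features, p, sizeof out->features);
}

/* (ptr,len) bounded reader: every read is checked against the remaining length. */
typedef struct { const uint8_t *p; size_t len; } slice_t;
static bool take_u8(slice_t *s, uint8_t *v) {
    if (s->len < 1) return false;
    *v = *s->p++; s->len -= 1; return true;
}
static bool take_u16le(slice_t *s, uint16_t *v) {
    if (s->len < 2) return false;
    *v = (uint16_t)(s->p[0] | (s->p[1] << 8)); s->p += 2; s->len -= 2; return true;
}
static bool take_bytes(slice_t *s, uint8_t *dst, size_t n) {
    if (s->len < n) return false;
    memcpy(dst, s->p, n); s->p += n; s->len -= n; return true;
}

/* Fixed pattern: check event code, declared length and buffer length first; never read past them. */
static bool parse_checked(const uint8_t *evt, size_t evt_len, ext_features_t *out) {
    slice_t s = { evt, evt_len };
    uint8_t code, plen;
    if (!take_u8(&s, &code) || !take_u8(&s, &plen)) return false;
    if (code != HCI_EVT_READ_RMT_EXT_FEATURES_COMP) return false;
    if (plen < HCI_EXT_FEATURES_PARAM_LEN || s.len < plen) return false;
    s.len = plen;
    return take_u8(&s, &out->status) && take_u16le(&s, &out->handle) &&
           take_u8(&s, &out->page) && take_u8(&s, &out->max_page) &&
           take_bytes(&s, out->features, sizeof out->features);
}

/* Consumer: page is attacker-controlled even after a good parse, so bounds-check it before indexing. */
static int store_page(uint8_t table[HCI_EXT_FEATURES_PAGES][8], const ext_features_t *f) {
    if (f->page >= HCI_EXT_FEATURES_PAGES) return -1;
    memcpy(table[f->page], f->features, 8);
    return f->page;
}

/* Constructed inputs: TRUNCATED_EVT has only 3 of 13 parameter bytes; FULL_EVT is well-formed, page 1 of 2. */
static const uint8_t TRUNCATED_EVT[5] = { 0x23, 0x03, 0x00, 0x40, 0x00 };
static const uint8_t FULL_EVT[15] = { 0x23, 0x0D, 0x00, 0x40, 0x00, 0x01, 0x02,
                                      0xBF, 0xFE, 0xCF, 0xFE, 0xDB, 0xFF, 0x7B, 0x87 };

/* The truncated event sits at the front of a larger buffer whose tail is 0xAA (stand-in for stale
 * heap bytes after a short allocation); the unchecked parser takes its "page" from that filler. */
static uint8_t unchecked_page_from_truncated_event(void) {
    uint8_t backing[32];
    ext_features_t f;
    memset(backing, 0xAA, sizeof backing);
    memcpy(backing, TRUNCATED_EVT, sizeof TRUNCATED_EVT);
    parse_unchecked(backing, &f);
    return f.page;
}

static bool checked_rejects_truncated_event(void) {
    ext_features_t f;
    return !parse_checked(TRUNCATED_EVT, sizeof TRUNCATED_EVT, &f);
}

/* Parses and stores FULL_EVT; returns the stored page index, -2 on parse failure, -3 on a bad copy. */
static int checked_parse_and_store(void) {
    uint8_t table[HCI_EXT_FEATURES_PAGES][8] = {{0}};
    ext_features_t f;
    if (!parse_checked(FULL_EVT, sizeof FULL_EVT, &f)) return -2;
    int idx = store_page(table, &f);
    if (idx == 1 && (table[1][0] != 0xBF || table[1][7] != 0x87)) return -3;
    return idx;
}

/* A parse that succeeds with page 0xAA must still be refused by the consumer. */
static int store_out_of_range_page(void) {
    uint8_t table[HCI_EXT_FEATURES_PAGES][8] = {{0}};
    ext_features_t f = { 0x00, 0x0040, 0xAA, 0x02, { 0 } };
    return store_page(table, &f);
}

int main(void) {
    printf("unchecked page 0x%02X, rejected %d, stored %d, bad %d\n", unchecked_page_from_truncated_event(),
           checked_rejects_truncated_event(), checked_parse_and_store(), store_out_of_range_page());
    return 0;
}
```

The unchecked parser reports page 0xAA for the truncated event, a value that came from memory past the end of the real event; the checked parser refuses the same bytes before touching any field, because the declared length (3) is below the 13 the event requires, and it also refuses a declared length that exceeds the buffer actually received. The second bounds check in store_page is the point est31 makes about indexing: a correctly parsed page number is still attacker-chosen, so the length check alone does not make the index safe.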