Comment by TheAceOfHearts

8 hours ago

Haven't watched the video yet, but I think this capability was leaked by VP Kamala Harris during her recent interview with the Late Night Show [0]. She stated she doesn't use wireless headphones because she's been in security meetings and knows they're not safe.

[0] https://youtu.be/BD8Nf09z_38 (Timestamp 18:40)

Regular Bluetooth security is not that great. A lot of it is poor usability where the user can't easily know that they don't have a secure connection. Setting up a secure connection might involve entering a PIN on each end of the connection which might be challenging for something like a pair of earbuds. This contains a nice discussion of the issues and talks about active attacks:

* https://arxiv.org/pdf/2108.07190

Disclaimer: This comment is not intended to be political - I don't care about the specific party she's part of.

Out of all the people I would trust on the matter, Kamala Harris doesn't certainly end up at the top of my list, for reasons such as this one: https://youtu.be/O2SLyBL2kdM?si=Zq-EN8zxj4Y_UCwI

You also don't need to be in classified meetings to understand that Bluetooth/BLE (and specifically the way most vendors implement the spec) is not as secure as other more battle-tested technologies.

  • What she says isn't necessarily untrue, now is it? She just skips a lot of steps most people have no clue about.

    I had files in a cabinet, now they are digital. And most often also on a cloud drive, which is metaphysical in some sense. For most it is indistinguishable from magic.

  • I think many people would be justified in making the argument that Bluetooth has existed for at least 20 years and thus is the established battle-tested protocol.

    • Yeah, but Bluetooth spec changed a lot over the years (3000+ pages) and the certification price is rather expensive.

      There's an interesting article from Wired [1] about this, although some interesting comments from the engineers working on BT stacks are far more interesting. It seems like most of the manufacturers do not create spec-compliant devices, and that the tests from the certification are just poor.

      I'd love to hear more from an expert on the topic, but this looks to be the consensus.

      [1]: https://archive.ph/6201V

    • I think people are generally aware of how low quality the Bluetooth protocol suite is though so maybe they'd guess that extends to security too.

      I definitely remember lots of folk security advice to keep Bluetooth off on your phone back when smartphones were new (nobody does that now though, and Android auto-enables it these days).

  • > doesn't certainly end up at the top of my list

    There hasn't been a POTUS or VPOTUS with a technical background in the last 45 years (Jimmy Carter was a nuclear engineer). So obviously none of them would be authoritative on such topics.

    However the individual in question is not delusional or conspiratorial, and we know for sure that they are receiving advice or restrictions from extremely well-informed sources, so there's every reason to believe they are (lo-fi) repeating that.

  • It's essentially a statement about the view of gov security, not about the view of an individual.

> this capability was leaked

I think the policy Harris is referring to is based on the _risk_ of something like this - it is easy to imagine wireless devices being vulnerable and enabling this capability - rather than being based on definitive existence of this capability.

It seems this vuln was already publicized in June, or is that interview from earlier?

My brother [0] is a state judge who uses a typewriter specifically for OpSec.

Because he also knows a thing or two about technology. His agency won't even allow him to use an iPhone (for official business).

[0] Dude is decades away from retirement, not even close to "Boomer"