Comment by stefan_

7 hours ago

This is not a Bluetooth issue. The chip manufacturer Airoha just felt it acceptable to ship a wireless debug interface that allows reading the SoC memory with no authentication whatsoever, enabled in retail customer builds. They are just not a serious company (which is why their security email didn't work, either).

2 comments

stefan_

amelius 4 hours ago

I mean, most companies have security last on their budget list.

It tells more about human nature than about a company.

This can only be fixed systemically by huge fines and/or imprisonment. Otherwise the temptation of taking the risk to neglect security is too strong.

LargoLasskhyfv 5 hours ago

Wireless 'JTAG'! The Dream :)