Bluetooth security issue

If it doesn't relate to Debian, but you still want to share it, please do it here

Bluetooth security issue

Postby GarryRicketson » 2017-09-16 21:33

For me this is a non issue, I don't use it, but I know many users do.

https://www.kb.cert.org/vuls/id/240311

These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen, and may in worst case allow an unauthenticated attacker to perform commands on the device.
User avatar
GarryRicketson
 
Posts: 4360
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Bluetooth security issue

Postby Wheelerof4te » 2017-09-16 21:42

I don't use it either. I am still baffled why I need it on my notebook when copying with an USB from my smartphone is faster.

And that name "BlueBorne", haha. Clearly someone who likes Fromsoft games.
Options for users who don't like systemd as Wheezy EOL draws near
Debian 9 GNOME
Intel Pentium 3825U Broadwell
AMD Radeon R5 330m
8GB DDR3 RAM
User avatar
Wheelerof4te
 
Posts: 412
Joined: 2015-08-30 20:14

Re: Bluetooth security issue

Postby VentGrey » 2017-09-17 00:29

Dear Debian, good thing I do not use Bluetooth. :mrgreen: I fell sorry for the KDE connect guys tho :P
“I felt myself on the edge of the world; peering over the rim into a fathomless chaos of eternal night.”
― H.P. Lovecraft after trying Debian SidImage
User avatar
VentGrey
 
Posts: 156
Joined: 2016-04-26 23:57
Location: Guanajuato México

Re: Bluetooth security issue

Postby pylkko » 2017-09-17 01:07

But you do realize that a fix for this was issued the 13th of Sep already? That's, what, three days before you post about it.
https://www.debian.org/security/2017/dsa-3972
User avatar
pylkko
 
Posts: 1177
Joined: 2014-11-06 19:02

Re: Bluetooth security issue

Postby GarryRicketson » 2017-09-17 01:51

Well, no, since I do not use this bluez package, nor blue tooth, I did not know that.
That's, what, three days before you post about it.

13 sept, yes that was 3 days ago,... so Should I remove my post ?

In any event , now those that do use it, also know there is a fix.
And my apology for posting it 3 days after a fix was made.
User avatar
GarryRicketson
 
Posts: 4360
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Bluetooth security issue

Postby RU55EL » 2017-09-17 05:18

GarryRicketson wrote:[,,,]
And my apology for posting it 3 days after a fix was made.


No need to apologize Garry. Your post is a good reminder to everyone to keep their system updated.
User avatar
RU55EL
 
Posts: 314
Joined: 2014-04-07 03:42
Location: /home/russel

Re: Bluetooth security issue

Postby pylkko » 2017-09-17 06:30

When I said: "you do realize.." I wasn't referring to Garry alone. I was referring to the fact that three posts are "gloating" on the issue not even realizing it is fixed. :roll:

Bluetooth is not a good protocol for file transfer (from a mobile phone for example). But it is really good for a lot of things (low latency, low power consumption). For example, I created a Debian based RC car which uses serial over bluetooth contolled from a phone. Try pull that off in any sensible sense with some other protocol. WIFI is an option, but power hungry and you most likely need a router or network, RF or infra red.. yes but how do you connect it to a phone? What about audio streaming? Yeah, sure, you can stream over Wifi, but considering the power usage it does not make a lot of sense in all situations...

But yes, Garry. I actually think that it is immoral - in a way - that in that other thread (viewtopic.php?f=7&t=134698) you told a guy that was attempting to use a bluetooth device (that he needs for work!) to not use it because "bluetooth is insecure". Then you referenced a vulnerability that is already fixed. All networking protocols and software have vulnerabilities, yet you are not advocating the non-use of Wifi or Ethernet etc. You don't like bluetooth. FIne, but say it then. To me that post read as trying to masquerade your opinion as fact.

For what it's worth, people should notice that this vulnerability is fixed in bluez 5.47 upstream. That means that currently it is not fixed in Debian testing (5.45) and Sid (5.46), only in Stretch and Jessie.
User avatar
pylkko
 
Posts: 1177
Joined: 2014-11-06 19:02

Re: Bluetooth security issue

Postby pylkko » 2017-10-03 17:27

The upstream fix entered Buster just a few days ago. So that's about 2 weeks later than for stable. So when people wonder what "official" security updates are... here is your answer.
User avatar
pylkko
 
Posts: 1177
Joined: 2014-11-06 19:02

Re: Bluetooth security issue

Postby wizard10000 » 2017-10-04 11:50

VentGrey wrote:I fell sorry for the KDE connect guys tho :P


I quit using KDE Connect as for me it was kinda useless but it works just fine over wi-fi.
we see things not as they are, but as we are.
-- anais nin
User avatar
wizard10000
 
Posts: 1204
Joined: 2011-05-09 20:02
Location: everywhere i go, there i am!


Return to Offtopic

Who is online

Users browsing this forum: No registered users and 3 guests

fashionable