I recalled reading about this at the beginning of this month, but I haven’t seen any updates on a fix or anything. Figured I’d ponder it with you folks over here.
I have since stopped using most of my Bluetooth devices as a precaution. How real of a threat is this vulnerability? Thanks and sorry if this kind of post is in the wrong spot.
Well, since I’ve not seen any updates to the BT stack, I’d go with yes.
Stopping using BT seems a bit extreme. What’s your risk?
I only use BT for listening to music/podcasts. I never allow BT connections to have access to contacts, messages, etc. So the only risk (contacts/messages) is pretty well mitigated (for me). For someone who uses BT for contact sync, messages, calls, etc., there may be greater risk.
And IIRC, BLUFFS is a MITM risk (existing connection can be spoofed because of how a key is managed), so only connect to devices you control, don’t allow random connections, leave BT off as much as is reasonable, and perhaps delete/recreate connections occasionally (I think the key gets regenerated on a new connection?).
The most someone would get from my BT is listening to my podcasts.