this post was submitted on 10 Mar 2025
32 points (90.0% liked)

Privacy

2596 readers
172 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 7 months ago
MODERATORS
fxomt@lemmy.dbzer0.com
otter@lemmy.ca
shaytan@lemmy.dbzer0.com
fxomt@piefed.social
32
Undocumented commands found in Bluetooth chip used by a billion devices (www.bleepingcomputer.com)
submitted 3 months ago* (last edited 3 months ago) by Blaze@lemmy.zip to c/privacy@lemmy.dbzer0.com
9 comments fedilink hide all child comments
 

Counter article: https://news.ycombinator.com/item?id=43301369

you are viewing a single comment's thread
view the rest of the comments
[–] Oisteink@feddit.nl 1 points 3 months ago (8 children)

This is misinformation- why spread links your don’t understand? Is this russia??

[–] BananaTrifleViolin@lemmy.world 8 points 3 months ago* (last edited 3 months ago) (3 children)

Whats misinformation about it? To say "this is misinformation" and not explain why can be a form of misinformation in itself.

The article does say it previously called this a "backdoor" and has been changed. Otherwise it seems to be fairly factual although the person it quotes continues to use the term "backdoor".

To say its a backdoor does infer this is deliberate or some motivation to concealing the prescence of these commands - there is no evidence for this whatsoever and there is no evidence there is malign intent. Most chips likely have undocumented commands used by the chipmakers.

However it is fair to say this is a potential security risk if these commands are not locked down in production and could be used as an attack vector. Even if they could be used to scrape information that would be concerning. But we'd need to know more detail.

If its been covered better elsewhere please share it as that is a netter counter to misinformation than just saying misinformation.

[–] Oisteink@feddit.nl 2 points 3 months ago* (last edited 3 months ago) (2 children)

The issue is if it can be used as an attack vector. The article and the presentation that was translated indicates it is, but it seems to require root/firmware access to the device. Thats like saying your fridge is insecure as I can open it if i manage to break into your house.

The issue with links like this is that its been discussed in many places all over the internet, but the link was still posted without op doing due diligence. Maybe not done in bad faith, but it still spreads misinformation. Like I said; why post if you don’t understand or can verify? Clicks and points??

[–] Nomecks@lemmy.ca 2 points 3 months ago (1 children)

Ever heard of lateral movement? Just because they don't use this exploit to kick in the front door doesn't mean that they can't use it to steal all your information or attack others once they're in.

[–] Oisteink@feddit.nl 2 points 3 months ago

Yeah - but it’s not presented as: this could be harmful for your compromised devices. If it was I would have no objections

load more comments (4 replies)