“Bluetooth is bad and you should stop using it” — not exactly

Mashable:

Everyone uses Bluetooth. Perhaps they shouldn’t.

The technology that we’ve come to rely on to connect our phones, smart speakers, cars, vibrators, and toasters is problematic for reasons more serious than pairing issues. Bluetooth has been shown time and time again to be a security and privacy nightmare — albeit one that can be mostly solved with a simple toggling of an off switch.

I got pointed to this Mashable (I know, I know) post by someone and it’s a good object lesson in checking before you post. On its face, it sounds silly but it may be possible. So I checked with my favourite security guy, Rich Mogull of DisruptOps.

I asked Rich, “Is this sensationalism by Mashable (that wouldn’t be a surprise) or a ‘real’ issue?” Rich responded with these tweets:

Saying you should stop using Bluetooth is the kind of disconnected, unrealistic security advice that results in security people not being invited to anyone else’s parties.

The flaw is real and very serious. It’s also manageable by vendors enforcing min key length.

I followed up with, “Which begs the question, ‘Do vendors enforce min key length?’ Does ‘min key length’ mean passwords or something else? Is that something on the user end or vendor-side?”

Rich said:

It is the length of the encryption key used in pairing… nothing a user can control. All on the vendor side. I think most or all Apple devices (and Microsoft, according to press releases) are protected.

So, Bluetooth could be a security and privacy nightmare but it’s not. Thanks, Rich.