The Bad Bluetooth Story Blues 🎧

In an effort to write up some inside baseball about Vice President Kamala Harris, Politico misses an opportunity to teach a broad audience about a common technology’s inherent security risks.

Kamala embraces the wired earbuds. (Joel De Vera/Unsplash)

Look, I will not claim that I read Politico for the hard-hitting journalism these days—something about the general model puts an emphasis on gossip over serious journalism, especially in the hands of certain reporters—but a recent newsletter of theirs that put a spotlight on Vice President Kamala Harris’ headphone habits shows how, too often, they miss a bigger story in favor of something vapid.

In this case: After a period in which we had people in the White House who didn’t take cybersecurity seriously, now we do.

But instead, the piece, given the opportunity to highlight this general point and spend literally 10 seconds Googling the potential security risks of Bluetooth headphones, does this instead:

While wired headphones have re-emerged as a hip vintage accessory among Gen Z, Harris’ embrace of them is less about fashion than caution. Former aides say that the vice president has long been careful about security and technology—with some describing it as prudent and others suggesting it’s a bit paranoid.

Ten to one, my WH-1000XM3s will probably never have the nuclear codes going through them, but Harris’ might! And that we have a vice president who actually takes these risks seriously is a good thing.

Fortunately for all of us, Harris’ departing senior advisor, Symone Sanders, gave this story just the amount of oxygen it deserved:

https://twitter.com/SymoneSanders46/status/1468022418832777217

But that said, I do think there is a bigger opportunity to use this story to highlight the fact that this common technology that millions of people take for granted needs to be understood to be something of an accepted security risk. So let me do Politico’s job for them real quick.

Here’s a quick list of the reasons Bluetooth is problematic from a security standpoint:

  • Its age and maturity. Because the standard ahas iterated so many times over the years (first being formalized in 1998), older implementations have been used on a lot of devices, and a Bluetooth 1 device has specification limitations compared to Bluetooth 5. But end users are unlikely to know the distinction in any real way. We literally have a quarter-century of devices that support Bluetooth and most of them have never been patched.
  • Its complexity. As Wired reported in 2019, the Bluetooth Special Interest Group took a far more in-depth approach to putting together its standard than other similar groups did, which actually introduced a security issue of its own. “The Bluetooth SIG tried to do something very comprehensive that fits to many various needs, but the complexity means it’s really hard to know how you should use it if you’re a manufacturer,” noted security researcher Ben Seri, who helped discover the BlueBorne exploit.
  • Its wide use. Just as Windows found itself heavily targeted by virus-makers during the Windows XP era, the fact that Bluetooth is used in so many things makes it an easy target. As Chris Hauk of PixelPrivacy told Dark Reading: “It is a constant back and forth between Bluetooth radio manufacturers, who scramble to fix flaws via firmware updates, and bad actors that scramble to exploit the flaws before they're fixed.”

That Kamala Harris appears to have actually done her homework on this issue is admirable. That we report on it as if she’s somehow weird for doing so is immensely problematic.

Time limit given ⏲: 30 minutes

Time left on clock ⏲: 19 seconds

Ernie Smith

Your time was just wasted by Ernie Smith

Ernie Smith is the editor of Tedium, and an active internet snarker. Between his many internet side projects, he finds time to hang out with his wife Cat, who's funnier than he is.

Find me on: Website Twitter

Related Reads