View profile

The Bad Bluetooth Story Blues 🎧

MidRange
The Bad Bluetooth Story Blues 🎧
By Ernie Smith • Issue #135 • View online
In an effort to write up some inside baseball about Vice President Kamala Harris, Politico misses an opportunity to teach a broad audience about a common technology’s inherent security risks.

Kamala embraces the wired earbuds. (Joel De Vera/Unsplash)
Kamala embraces the wired earbuds. (Joel De Vera/Unsplash)
Look, I will not claim that I read Politico for the hard-hitting journalism these days—something about the general model puts an emphasis on gossip over serious journalism, especially in the hands of certain reporters—but a recent newsletter of theirs that put a spotlight on Vice President Kamala Harris’ headphone habits shows how, too often, they miss a bigger story in favor of something vapid.
In this case: After a period in which we had people in the White House who didn’t take cybersecurity seriously, now we do.
But instead, the piece, given the opportunity to highlight this general point and spend literally 10 seconds Googling the potential security risks of Bluetooth headphones, does this instead:
While wired headphones have re-emerged as a hip vintage accessory among Gen Z, Harris’ embrace of them is less about fashion than caution. Former aides say that the vice president has long been careful about security and technology—with some describing it as prudent and others suggesting it’s a bit paranoid.
Ten to one, my WH-1000XM3s will probably never have the nuclear codes going through them, but Harris’ might! And that we have a vice president who actually takes these risks seriously is a good thing.
Fortunately for all of us, Harris’ departing senior advisor, Symone Sanders, gave this story just the amount of oxygen it deserved:
SDS
Not to be snarky, but we had more important things to do today. https://t.co/b0CMSL9ct0
But that said, I do think there is a bigger opportunity to use this story to highlight the fact that this common technology that millions of people take for granted needs to be understood to be something of an accepted security risk. So let me do Politico’s job for them real quick.
Here’s a quick list of the reasons Bluetooth is problematic from a security standpoint:
  • Its age and maturity. Because the standard ahas iterated so many times over the years (first being formalized in 1998), older implementations have been used on a lot of devices, and a Bluetooth 1 device has specification limitations compared to Bluetooth 5. But end users are unlikely to know the distinction in any real way. We literally have a quarter-century of devices that support Bluetooth and most of them have never been patched.
  • Its complexity. As Wired reported in 2019, the Bluetooth Special Interest Group took a far more in-depth approach to putting together its standard than other similar groups did, which actually introduced a security issue of its own. “The Bluetooth SIG tried to do something very comprehensive that fits to many various needs, but the complexity means it’s really hard to know how you should use it if you’re a manufacturer,” noted security researcher Ben Seri, who helped discover the BlueBorne exploit.
  • Its wide use. Just as Windows found itself heavily targeted by virus-makers during the Windows XP era, the fact that Bluetooth is used in so many things makes it an easy target. As Chris Hauk of PixelPrivacy told Dark Reading: “It is a constant back and forth between Bluetooth radio manufacturers, who scramble to fix flaws via firmware updates, and bad actors that scramble to exploit the flaws before they’re fixed.”
That Kamala Harris appears to have actually done her homework on this issue is admirable. That we report on it as if she’s somehow weird for doing so is immensely problematic.
Related Reads:
Headphone Antennas: The Walkman's Long-Hidden Feature
Time limit given ⏲: 30 minutes
Time left on clock ⏲: 19 seconds
If you like this, be sure to check out more of my writing at Tedium: The Dull Side of the Internet.
Do you own a newsletter? Want to try your hand at writing an entire article in 30 minutes or less? If so, let’s do a swap—reply to this email to see about setting something up.
Dig this issue? Let me know! (And make sure you tell others about MidRange!)
Did you enjoy this issue?
Ernie Smith

Not quite short form, not quite tedious. A less ambitious newsletter by Ernie Smith.

Not ten short items. Not one long item. One mid-range item.

Three times a week (Monday, Tuesday, Thursday). With a time limit. ⏲

Tweet     Share
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue