Conversation

KatieMussouris (she/her)

@k8em0

·

Sep 21, 2020

“official BLE specification didn't contain strong-enough language to describe the reconnection process. As a result, 2 systemic issues have made their way into BLE software implementations, down the software supply-chain Android: no fix😱 Apple: fixed😰 Windows: not vulnerable😶

Quote Tweet

Threat Intelligence

@threatintel

·

Sep 20, 2020

BLESA: Bluetooth bug affects billions of devices https://zdnet.com/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw/#ftag=RSSbaffb68…

3

20

26

Daniel Micay

@DanielMicay

Replying to

@k8em0

Google Pixel XL has been end-of-life since November 2019. It hasn't received security updates for almost a year. It's not an indicator of what has been fixed in the monthly security updates and it's strange to be testing the impact of updates on a device not receiving them.

3:00 PM · Sep 21, 2020·Twitter Web App

2

Likes

KatieMussouris (she/her)

@k8em0

·

Sep 21, 2020

Replying to

@DanielMicay

It’s not at all strange to test devices that are still in widespread use. Users still need to be warned of their exposure. Mitigations can often still be provided, even in the absence of official support. A device that went out of support recently absolutely falls in that group

1

2

Daniel Micay

@DanielMicay

·

Sep 21, 2020

Replying to

@k8em0

> It’s not at all strange to test devices that are still in widespread use. That's not what I said. I pointed out that it hasn't received OS security updates for almost a year, and it's illogical to use it to test what was fixed in those OS security updates. Doesn't make sense.

1

Show replies