
Bluetooth 5 - MrQuincle
http://link.bluetooth.com/m/1/58195719/b15916-c6bbe1ec-a292-43bc-b0ed-289bc62041f7/25/924/b9503bd4-66ea-4261-9e38-48620b7b3c14
======
matthewmacleod
I've been really fascinated recently by whipping out my smartphone in public
and using a Bluetooth LE explorer app to look at what's being advertised, and
it's brilliant. We are all constantly surrounded by devices which are
screaming data about themselves everywhere they go.

Bluetooth 5 seems to increase the range of LE communications, but since I'm
almost sure we're going to have some horrible public hack of one of the
platforms at some point, I hope there is increased focus on the security of
devices that use it!

~~~
sangnoir
> We are all constantly surrounded by devices which are screaming data about
> themselves everywhere they go.

Perhaps you would like to explain what the problem with this is? Broadcasting
presence in itself is not a security hole - unless you think "Do not broadcast
SSID" is a WiFi AP security feature (it's not). If WiFi can be secured (with
devices that "scream data about themselves"), why would Bluetooth be any
different?

~~~
matthewmacleod
_Perhaps you would like to explain what the problem with this is? Broadcasting
presence in itself is not a security hole - unless you think "Do not broadcast
SSID" is a WiFi AP security feature (it's not). If WiFi can be secured (with
devices that "scream data about themselves"), why would Bluetooth be any
different?_

Well, there are a couple of reasons I think this is different:

1\. APs are static and not mobile, versus Bluetooth devices – which can move,
and are more importantly personally associated with a person. That inherently
provides opportunities for more leakage on information, since device addresses
can now be used to track people.

2\. Devices aren't just advertising their existence. They're also advertising
their services, and in some cases actually just sending whatever data a client
asks for. There's a particular brand of iPad stylus which seems to just open
up and send it's accelerometer readings to any device which connects. There
seem to be heart-rate monitors that do the same.

For me, it's much more worrying that devices happily broadcast personal
information without authentication – I don't actually think device
advertisement is a big deal in comparison!

~~~
digi_owl
The basic problem with 2, is that until nfc became commonplace doing pairing
was either by pin not at all. So many devices still accept 0000 or 1234
because they have so way to input a pin, and is too old to use nfc pairing.

~~~
matthewmacleod
Even then, quite a lot of Bluetooth LE devices don't have support for
authentication as such. How to you authenticate a connection to a heart
monitor, for example? It doesn't have any buttons!

------
kozak
Isn't it time for uncompressed A2DP audio at last? It would solve both quality
(generation loss) and latency issues.

~~~
ricardobeat
aptX already allows high-quality audio streaming over BT and has both a
lossless and a low-latency mode. Device support is also already here, I saw a
few last time I was in an electronics store.

~~~
zx2c4
Do you know of any free software implementations of it?

~~~
rasz_pl
[http://forum.xda-developers.com/showthread.php?t=2531440](http://forum.xda-
developers.com/showthread.php?t=2531440)

reusing proprietary library is as close as you can get without paying Qualcomm
tax

------
sundvor
Yay, even better opportunities for government and corporations to track my
whereabouts through my Bluetooth signature. ;)

Tongue-in-cheek, well mostly but not entirely .. I do appreciate e.g. accurate
travel times, yet refuse to believe they won't take it to the next step.
[http://www.theage.com.au/victoria/how-vicroads-tracks-
your-e...](http://www.theage.com.au/victoria/how-vicroads-tracks-your-every-
move-to-keep-you-moving-20160219-gmyll3.html)

~~~
runholm
Modern Bluetooth devices, including all smart phones running Windows, iOS or
Android, does not use static addresses that can be used as a signature to
track you.

Instead, they use private resolvable keys for all handshakes with devices
around them. A new key is generated every few minutes, and only a device which
you have previously bonded with is able to resolve your key through data
exchanged in the bonding process.

~~~
randomfool
Many BLE devices do not advertise with random addresses. iOS and Android do,
but last I checked Fitbit and Tile do not.

------
MBCook
Announced a week before the Apple event. I wonder....

~~~
lm2s
I doubt it, the specification is still being finalized. Only after that will
the chipmakers begin their process.

------
IshKebab
Increased advertising length will be very useful. 31 bytes is rather stingy,
especially with Eddystone-URL (you only get something like 16 bytes for the
URL currently).

~~~
bnmfsd
yes, 17 bytes for the URL.

------
fithisux
I wish they created a developer's only documentation to write drivers and apps
for FOSS systems since the documentation is already huge.

------
melling
What will it take for wireless keyboards and mice to use Bluetooth? Most ship
with their own custom dongle. A single port MacBook, for example, doesn't
really make sense until Bluetooth devices become more popular.

~~~
joesmo
Apple's accessories are already bluetooth. I'm working with a magic trackpad 2
here and it skips all the time, as expected. Magic trackpad 1 did the same. So
did my previous kinesis bluetooth keyboard. So does audio. Oh right, it's OS X
that can't handle bluetooth. Or RF in the case of Logitech products. Hell,
they have trouble keeping wifi on. What you wish for is already here and it's
already shitty, at least on OS X.

~~~
tblt
My Bluetooth devices work flawlessly with my iMac, including the Magic
Mouse/KB etc. What's your RF environment like?

~~~
joesmo
I'd say it's the environment too, but this happens at various locations across
the country consistently with multiple types of Macbooks. Also, at these same
exact locations, I have no problem using bluetooth with my Android phone,
further reducing the likelihood that it's the environment. Finally, all the
threads about OS X bugs relating to BT/RF/WiFi problems that have been
reported for years but ignored by Apple, including reports by Apple's own beta
testers, are a further indication that this is an actual problem and that a
lot of people are having it.

~~~
jon-wood
I've had issues with a non-bluetooth wireless keyboard when plugging the
receiver into my laptop directly which go away when it's connected via a USB
hub a little distance away, which makes me think the laptop itself is causing
interference.

~~~
FireBeyond
I do similar. I have my dock which has a USB extension cable that runs under
the underside of my desk and basically sits directly underneath the mouse and
keyboard. Connectivity issues vanished.

