Billions of devices impacted by new Bluetooth Flaws

Bluetooth has never really been that secure. It should be switched off when not being used, as should Wifi. It saves the battery too. Wired headphones are fine, and bluetooth speakers seem to be overused in public transport, by assholes listening to rap music.
Evildead666:

Bluetooth has never really been that secure. It should be switched off when not being used, as should Wifi. It saves the battery too. Wired headphones are fine, and bluetooth speakers seem to be overused in public transport, by assholes listening to rap music.
The problem with this is once you have a few BT devices it gets hard to turn it off. I use BT for my FitBit and for music in my car (music starts as soon as I start the car, no intervention necessary). So I am using BT more often than not. Same with WiFi, I have WiFi at work and at home and my city has free WiFi downtown. Why would I bother to turn it off in the few instances I am not in these places? It is no surprise to me that iOS has just one hole vs the 8 in Android. Apple has always been more security focused than Google which is the main reason I prefer them. I also anticipate Apple will patch it faster than Google as well.
Tree Dude:

The problem with this is once you have a few BT devices it gets hard to turn it off. I use BT for my FitBit and for music in my car (music starts as soon as I start the car, no intervention necessary). So I am using BT more often than not. Same with WiFi, I have WiFi at work and at home and my city has free WiFi downtown. Why would I bother to turn it off in the few instances I am not in these places? It is no surprise to me that iOS has just one hole vs the 8 in Android. Apple has always been more security focused than Google which is the main reason I prefer them. I also anticipate Apple will patch it faster than Google as well.
Google already patched it with the September security updates. Problem is that those fixes don't get filtered down to Android OEMs for months, if not years, sometimes never.
Evildead666:

Bluetooth has never really been that secure. Wired headphones are fine, and bluetooth speakers seem to be overused in public transport, by assholes listening to rap music.
I don't want to start an argument but not everyone who listens to "RAP MUSIC" is an asshole. Over the TOP comment IMO.
Maybe it's not about rap but more about said people blasting music they like through a speaker forcing everyone around them to listen to it whether they like it or not. A bit asshole-ish one might say. Tbh I don't get this trend either - travelling in public transport and blasting your music out loud or people running and carrying a speaker in their hand instead of using headphones, just, why?
@Tree Dude lol. no they are not. the only time i got a usb stick infected, was when i copied files to an apple on display (5 apples total), yet none of the other 15 windows computer (vista/7) transferred anything to the stick, even that they were used a lot more for "testing/surfing" than the apples. having less total amount of possible infections than other OSes doesnt mean its safer. besides that, google how many flaws are/were known to apple os/ios, and not fixed for month/years even after being contacted by "finder" about it. so sure, less overall chance/risk to get infected, but most apple users dont even care to run av/malware protection (cause those devices are so safe..), so "one flaw" is enough to do damage...
fry178:

@Tree Dude lol. no they are not. the only time i got a usb stick infected, was when i copied files to an apple on display (5 apples total), yet none of the other 15 windows computer (vista/7) transferred anything to the stick, even that they were used a lot more for "testing/surfing" than the apples. having less total amount of possible infections than other OSes doesnt mean its safer. besides that, google how many flaws are/were known to apple os/ios, and not fixed for month/years even after being contacted by "finder" about it. so sure, less overall chance/risk to get infected, but most apple users dont even care to run av/malware protection (cause those devices are so safe..), so "one flaw" is enough to do damage...
One instance of infection from you means nothing. Who runs an AV on their phone? I don't know anyone, Android or iOS that runs an AV. No one wants to slow their phone down. Google only gives you 2yrs of OS upgrades on their Nexus and Pixel phones, whereas I have a 5yr old iPhone 5 that had the latest iOS 10 on it. If you don't have a Google branded phone, well you might get updates or the manufacturer also might drop support in 6 months and move on. And that right there is the biggest risk with an Android phone. Support is the biggest mitigating factor to vulnerable devices and Apple has everyone beat. Until Google does something to fix the fragmentation of their ecosystem (oh and you know, stops mining my data for ad targeting), I will stay far, far away.
Tree Dude:

One instance of infection from you means nothing. Who runs an AV on their phone? I don't know anyone, Android or iOS that runs an AV. No one wants to slow their phone down. Google only gives you 2yrs of OS upgrades on their Nexus and Pixel phones, whereas I have a 5yr old iPhone 5 that had the latest iOS 10 on it. If you don't have a Google branded phone, well you might get updates or the manufacturer also might drop support in 6 months and move on. And that right there is the biggest risk with an Android phone. Support is the biggest mitigating factor to vulnerable devices and Apple has everyone beat. Until Google does something to fix the fragmentation of their ecosystem (oh and you know, stops mining my data for ad targeting), I will stay far, far away.
Android has a built in AV now with Play Protect and their phones receive security updates for 3 years, it's major OS updates that are only 2 years - but yeah, in general their security is not as good as Apple's and a large part of that is what you mentioned, fragmentation in the hardware ecosystem and failure to support their own devices for longer periods of time. They've made improvements recently with the monthly update program and whatnot but it's still rather lackluster.
I started using an AV on my smartphone and tablet when support stopped, shortly after Android 6 was made available.
someone was telling me about this very experiment today. if i want to access my phone through another device, ill hardwire it, thanks. the internet of things is a pointless fad, much like VR. until theres something...anything...concrete to gain, im opting out. thats the issue at hand here - theres no functionality that i benefit from thats worth the security risk of constantly broadcasting my device. i say that fully understanding that many other people ignore risks due to rationalizations of probability (bad things happen but they wont happen to me), or simply disregard them instead due to rationalization of importance/relevance (nothing to hide, nothing to fear fallacy)
Tree Dude:

Apple has always been more security focused than Google
no, they havent. nobody bothers writing viruses for apple products because they control a sliver of the desktop market (dont mention servers). inb4 iphones are everywhere...up until very recently, penetrating smartphones didnt get hackers much sensitive information besides the odd credit card. their adherence to updating their devices software is based upon their ideological want/need to have every device operating under one condition or environment - not to have a more secure OS, but to easily control stability/functionality problems that arise through a new patch. pls note im not defending android devices topping out at particular iterations; thats a very legit complaint, & shy of hardware incompatibility, it frankly shouldnt happen at all.
GroinShooter:

Maybe it's not about rap but more about said people blasting music they like through a speaker forcing everyone around them to listen to it whether they like it or not. A bit asshole-ish one might say. Tbh I don't get this trend either - travelling in public transport and blasting your music out loud or people running and carrying a speaker in their hand instead of using headphones, just, why?
Yes, this. Invariably, it's Rap music, on a BT speaker, loud enough for me to hear it above my in-ear headphones.
__hollywood|meo:

no, they havent. nobody bothers writing viruses for apple products because they control a sliver of the desktop market (dont mention servers). inb4 iphones are everywhere...up until very recently, penetrating smartphones didnt get hackers much sensitive information besides the odd credit card. their adherence to updating their devices software is based upon their ideological want/need to have every device operating under one condition or environment - not to have a more secure OS, but to easily control stability/functionality problems that arise through a new patch. pls note im not defending android devices topping out at particular iterations; thats a very legit complaint, & shy of hardware incompatibility, it frankly shouldnt happen at all.
People have been using their smartphones and tablets for almost everything for over 5yrs now, not as recent as you think. And Apple's support is absolutely security focused, the last iOS update was a slew of security fixes. Frequent and consistent patching is the only way to be secure, everything else is secondary. Also you can write a virus and put it in Google's app store and it will hit hundreds of devices before Google removes it. Apple you can't do that because they have an approval process. The OS fragmentation and wide open app store are the reasons why Android phones are far less secure than iOS. We can bicker over Apple's motivations, but they did not have to put end to end iCloud encryption in place. They did not have to encrypt iCloud backups in a way that even they cannot access them. That was done purely for security.
..it doesn’t matter what version of the Bluetooth protocol a device supports -- they’re all affected, with the exception of those that support only Bluetooth Low Energy, also known as Bluetooth smart..
So Bluetooth LE is ok then, I think most newer android phones use this type, no? My galaxy alpha is now ~3yrs old and has LE version of it.
Bluetooth 4.0, A2DP, EDR, LE
yeah, tj.
Tree Dude:

People have been using their smartphones and tablets for almost everything for over 5yrs now, not as recent as you think.
i took that into account making my statement.
Tree Dude:

the last iOS update was a slew of security fixes.
that is laudable. i did also say that the curiously inconsistent OS version support for android hardware is a valid & major issue. cloud encryption doesnt refute my assertion. if you ask me, the cloud shouldnt exist in the first place. its very presence is a security risk vs local storage regardless of encryption methods. again, consolidated iOS version is done because they dont want to write two or three patches, updates, wrappers, watever, for the same applet/OS codebase in order for the hardware to work the way they want it to. thats the only leg up they might have that i see, personally, & thats not much. ive done a few security audits/pentests on wired, wireless, mobile, even airgap...that being said, i havent tested iOS11 yet. i talked to a security chief (friend of a friend i just met) who was bragging about his fortune200 company using apple products today who insisted the company issued mobile phones were basically impenetrable. the guy always has bluetooth enabled. guess wat? so do his employees & associates. that was a tough conversation until the talk got technical & he stopped arguing...you dont have to root your mobile for the device to be compromised...
-Tj-:

So Bluetooth LE is ok then, I think most newer android phones use this type, no? My galaxy alpha is now ~3yrs old and has LE version of it.
It looks like it has to only support Bluetooth LE. Your phone supporting Bluetooth 4 is affected. Bluetooth LE only devices must be these IoT things that are being touted as the next coming of Jesus, when they are just as vulnerable, but in other ways....or smartwatches/health bands, etc...