Google and Fitbit are merging to create a new health database on all of us

https://www.eff.org/deeplinks/2020/05/stopping-google-fitbit-merger-your-stories-needed


#Google #fitbit #merge #health #bt #bluetooth

SplinterNet

Android app designed to create an unblockable Twitter like network that uses no cellular or Internet communications. All messages are transmitted over Bluetooth between users, creating a true peer-to-peer messaging system. All messages are anonymous to prevent retaliation by government authorities.

SplinterNet is a true peer-to-peer network in that it requires physical proximity to other people to transmit messages. In the current version this happens over a close range Bluetooth connection. To illustrate how SplinterNet works, here is an example scenario:

You take a picture of a protest happening near your home.
Fearing a spread of the protest the government shuts down cellular and Internet access to most citizens.
You write a short message about the protest in SplinterNet and attach the picture.
When you next meet with your friends, you sync SplinterNet with them. They now have your photo and will spread it to their friends.
You also now have all their messages, which includes photos taken of protests happening in other parts of the country.
Any person who can reach a working Internet connection can post all of these photos to any sharing service or send directly to journalists to publicize.
If you fear capture, you can press a single button and all the messages in your copy of SplinterNet are deleted.

Features
Create a post with text and an optional single image.
Mark posts as important to increase their spread within the network. These posts will be sent first during syncing and will be highlighted for the people you sync with.
Delete posts to stop their spread. The contents of the network reflect what users of the network think is important and appropriate. You don't have to spread anything you don't want to.

Project Status
This is an experimental project still in development. All of the features listed here should work, they just haven't been tested in large networks. Please let us know how it works!

https://raw.githubusercontent.com/megamattron/SplinterNet/master/other/splinterNet-infosheet.png

https://github.com/megamattron/SplinterNet


📡 @nogoolag 📡 @libreware
#SplinterNet #im #messaging #p2p #bt #bluetooth

AIR PODS FREQUENCY WARFARE ON THE BRAIN

Electric and Magnetic Field (#EMF) is undetectable areas of energy, frequently referred to as radiation, linked with the use of electrical power and other forms of natural and human-made lighting.

The increase in the sale of this #wireless #headphones calls for serious concern considering how close-ranged the device is to the brain.

The intensity of the radiation equals that emitting from a microwave device which is similar to #Bluetooth radiation, that can cause brain damage.

The Bluetooth device uses radio waves in the 2.4–2.48 GHz frequency range to transmit signals wirelessly between devices. That’s the same range used by microwaves, cell phones, WIFI and other devices.

#Bluetooth #vulnerability allows unauthorized user to record & play audio on Bluetooth speaker via #BlueSpy

Prevention section explains how you can check if your Bluetooth LE speakers/headsets are vulnerable to this attack using nRF Connect app
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/

#BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
▪️automatically scans for devices
▪️store MAC addresses of devices that are no longer visible but have enabled Bluetooth
▪️uses Rubber Ducky payloads
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/

Demonstration of using BlueDucky to exploit 0-click Bluetooth vulnerability of unpatched Android smartphone (CVE-2023-45866)
Exploit was triggered by Raspberry Pi 4 and then by Android running NetHunter
https://youtu.be/GOGW7U1f2RA

@androidMalware

#Bluetooth 6.1 enhances privacy with randomized RPA timing

https://www.bleepingcomputer.com/news/security/bluetooth-61-enhances-privacy-with-randomized-rpa-timing/

OSINT via Bluetooth: how Android devices give away the owner

For reasons unknown to me, Bluetooth is still considered a purely local protocol: file transfer, connection to headsets, operation of a fitness bracelet. In practice, it gives a lot more. With proper processing of advertising packages and service information of Bluetooth devices, it is possible to determine the approximate location, type and model of the device, restore movement routes, and in some cases, identify the owner. All this happens without physical access to a smartphone or wearable devices.

Bluetooth-OSINT is used at the information collection stage, during technical support of events, during investigations and during movement monitoring. It is effective both in urban environments and in confined spaces: at train stations, business centers, hotels, and conference halls.

Android devices remain particularly vulnerable. Even with an inactive connection, they continue to send advertising packets.
Advertising packets in the context of Bluetooth, especially Bluetooth Low Energy (BLE), are special short packets of data that a device periodically transmits over the air to inform other devices about its presence.

These packets do not require a connection — they are transmitted "blindly" and are received by all devices within range. It is thanks to these advertising packages, for example, that headphones appear in the list of available Bluetooth devices on your phone.

Many models transmit the device name in clear text — for example, Pixel 8a Alex or Galaxy S22 Masha. This field often contains the user's name or nickname. Such data can be compared with search results in social networks, leaks, and databases.

Even if the name is hidden, there are still values in the packages that can be used to set the model, chip type, and manufacturer's version. If you collect data about such devices from different points, you can build a graph of movements and identify whether the devices belong to the same user.

What is visible via Bluetooth

– Device name
– Signal strength (RSSI) — allows you to estimate the distance to the source
– Manufacturer-specific data — additional fields specified by the manufacturer
– Advertising UUID — often static for specific models
– Frequency of broadcasting and interaction with services

The combination of smartphone, watch and headset is already a unique set. It is easily tracked by its characteristic behavior on the air.

Why Android makes more noise than other OS

– The MAC address may not be randomized until Bluetooth is manually rebooted
- Built–in BLE Privacy protection is either missing or partially implemented
– Device names are often transmitted in clear text
– System services are running in the background: Nearby, Fast Pair, geolocation, Smart Lock

This creates a permanent presence of the device on the radio. Even without connecting to other devices, the smartphone remains visible.

How to reduce visibility

1. Disable Bluetooth if it is not necessary to operate it

2. Disable background scanning:

   Settings → Geolocation → Scan → Bluetooth Scan → Off

3. Change the device name:

   Settings → About the phone → Device Name

4. Disable Nearby Share, Fast Pair, Smart Lock and other Bluetooth-enabled services

5. If root access is available, use additional utilities:
– Magisk BLE Privacy Module
   – XPrivacyLua
   – #Bluetooth MAC Spoofer

Tools for analysis

– nRF Connect — displays BLE packets transmitted over the air
- Beacon Scanner / BLE Hero – detection and tracking of surrounding devices
— btmon with ADB – allows you to view HCI logs, including BLE, without root access
- Kismet is a powerful framework for monitoring wireless interfaces (Wi-Fi, #BLE)

Even if the device is not connected to anything and is in your pocket, it can transmit this data, depending on the firmware, settings, and model. This creates a digital "fingerprint" on the airwaves.

#bt

Millions of #Cars Exposed to Remote #Hacking via PerfektBlue #Bluetooth Attack
https://www.securityweek.com/millions-of-cars-exposed-to-remote-hacking-via-perfektblue-attack/

PerfektBlue Bluetooth attack allows hacking using 1-click RCE infotainment systems of Mercedes, Volkswagen, and Skoda (CVE-2024-45431, CVE-2024-45432, CVE-2024-45433, CVE-2024-45434)
https://perfektblue.pcacybersecurity.com/

Comments

Hardware Security Threats Against #Bluetooth #Mesh Networks

https://ieeexplore.ieee.org/document/8433184/authors#authors

Security risks of Bluetooth

Man-in-the-middle attacks (#MITM):
Bluetooth connections can be susceptible to eavesdropping attacks if strong encryption is not used. Older Bluetooth versions (before 4.2) are particularly risky.

#Bluejacking & #bluesnarfing:
Attackers could try to send unwanted messages (bluejacking) or even steal data from devices (bluesnarfing).

Traceability:
Bluetooth devices often send unique #MAC addresses, which makes users traceable.

Weak standard pairing methods:
Many devices still use simple PINs or confirm connections without verification (e.g. "Just Works" mode with Bluetooth LE).

Risks specific to Bluetooth mesh networks

Mesh networks increase the attack surface:
Each device in the mesh acts as a relay, which means that a compromised device could influence the entire data traffic.

Lack of end-to-end encryption:
If the app/software does not implement additional encryption, messages can be forwarded in plain text.

Decentralized management:
Without centralized control, it is difficult to identify and remove malicious nodes.

#TBOT Show 7: The Significance of Dorsey’s Bitchat, Worlds First eSIM Hack, Mexico’s Digital ID, New Show Source Insights

Took a week off and now I’m back. 😎 (with a new addition to the show?!) (also - big sorry for the show being 40 minutes)

WATCH THE SHOW ON SUBSTACK

https://odysee.com/@takebackourtech:f/tbot-show-7:6

Here’s the stories for the week:

Jack #Dorsey’s #Bitchat - The Real Story: The tech mogul Jack Dorsey released a censorship proof messaging app in late June - named Bitchat. It runs a #bluetooth #mesh network, end to end #e2e #encryption, and rolling IDs and is picking up traction. I share my thoughts on the app, and concerns I have - but that’s not even the real story. I think Jack has a bigger message than just the app.

World’s First #eSIM Hack: A security lab out of Poland just demonstrated a hack on one of the largest SIM providers for IoT devices. We’ll get techy in our understanding and ask the question, could this impact our phones?

#DigitalID, Coming Soon To #Mexico: The Mexican government has signed a new #Biometric #ID law, known as the CURP. How is this enforced and what does it mean for Mexican residents? Find out today.

Decentralized #Video Conferencing: Recently I’ve been relying more on video conferences instead of calling people, especially while traveling. Good thing I’ve got the #Jitsi app, I’ll show you my setup!
#videocall

New Show, “Source Insights”: You follow #TBOT to stay informed on tech freedom. Now go deeper with a new weekly show “Source Insights”, where Hakeem shares his tools, lifestyle and productivity tips, entrepreneurial advice, wisdom from guides, and personal experiences.

Go deeper, join me as a Source Seeker. Unlock access with a paid subscription.

UNLOCK ACCESS

🪄 We aim for our show to be well-researched, well-informed and focused on the most impactful stories

⭐️ PLUS - Each story comes with recommendations and there’s one cool tech trick or open-source solution every week.

We’ll be publishing full posts and clips of each of these stories soon.

Share this post with your crew. 🚢

👩‍💻Get private phones, laptops, and tablets
📲SIM Swap Survival Guide Webinar

Zero-day: #Bluetooth gap turns millions of headphones into listening stations

https://www.heise.de/en/news/Zero-day-Bluetooth-gap-turns-millions-of-headphones-into-listening-stations-10460704.html