View Single Post
Old April 10th, 2014, 04:11 AM   #44 (permalink)
Cleverness is not wisdom
Thread Author (OP)
SolApathy's Avatar
Join Date: Jun 2010
Location: Ohio
Gender: Male
Posts: 1,362
Device(s): EVO LTE | HTC M7 | HTC M8- ViperROM |
Carrier: Sprint-Rooted

Thanks: 408
Thanked 836 Times in 460 Posts

So I got a call last night from HTC Special Projects team regarding the Bluetooth issue (was really surprised to get any reply!) I reported and they have stated it it is a bug , and that it was important enough to warrant a call. Apparently I was the first to report it, and they are quickly working on resolving it and putting out a patch to resolve the issue and potential exploit concerns

for those unfamiliar with the issue-

Normally when BT is active you can choose 2 options:

-Phone visible to everything (with a timeout menu item available to adjust the length of visibility)
-Phone only visible to paired devices.

The HTC M8 is missing the option to hide the phone from all unpaired devices, meaning when BT is on, everyone can not only see it, but they can also attempt to pair to it (imagine some annoying person in a internet cafe trying to request access which pops up a request on your screen) While they would not be able to connect they could annoy you with pop-ups requesting connections which would be quite aggravating.

On the more sinister side of things it make the phone more of a target for exploits by saying "I'm here, try to hack me!" Though anyone can sniff your BT address this just makes you a little more tasty than everyone else.

I will not go into the details of how they can exploit BT, with it's limited effective range, but there are many exploits out there that can allow hackers to remotely access a phone (provided they are within range) and use it to make calls, access data, listen in on conversations and browse the internet.

If you frequent busy places like internet cafe's you can become a prime target.
SolApathy is offline  
Reply With Quote
The Following 3 Users Say Thank You to SolApathy For This Useful Post:
iowabowtech (April 10th, 2014), irishjoeyo (April 22nd, 2014), sikclown (April 10th, 2014)