bluetooth wifi bugs
#1
So im going to put this out there, but i think and im not a security researcher but would it be possible for somebody who is to go over the wifi and bluetooth code and look for any exploits that say might allow a hacker to access the wifi and or bluetooth chipset when the wifi or bluetooth is turned on and not connected to any network. 

I mean this as say when you turn the wifi or bluetooth on but dont connect to any network and use a hacking tool like airmong or something different in say kali or custom build tool that looks for signals in the air and allows the tool to connect to that wifi or bluetooth signal in the air and exploits that chipset to make a connection to that device. 

Also does for my knowledge right now when the wifi or bluetooth is turned off or it appears to be off, is the chips still on giving off a signal when it should be off, there might be a malfunction there that allows the chip to appear off when it is not.

Note: OS is arch. 

I thought i would bring these issues to the forum for somebody who is a security researcher to check them out. Thank you
  Reply
#2
Sorry, but reading first your other thread and now this, I think you have a ridiculously high amount of paranoia.

Any WiFi and/or Bluetooth chipset is potentially vulnerable to exploits in the hardware, the firmware, or the kernel driver. Also the ones in your computer, in other smartphones, etc. Whether software has its source code publicly available or not has been found to have little to no impact on its security track record. People looking for security vulnerabilities can reverse-engineer closed-source code. (Also note that the WiFi/BT chipset's firmware is actually proprietary closed-source code, only the kernel driver is Free Software.)

In practice, such a vulnerability would have to be found first. To the best of my knowledge, there are currently no known ones, and if ones are found, I would hope that they get addressed quickly by a driver or firmware update.

If you really want to make sure that WiFi and Bluetooth are turned off, just turn off the corresponding hardware killswitch. And if you do not even trust the PinePhone's hardware, you should be able to verify with a voltmeter that the chip is really no longer powered.

But if you need working WiFi and/or Bluetooth, then by design, exposure to the theoretical risk of over-the-air exploits cannot be avoided, no matter what chipset on what device you are using.
  Reply
#3
When you turn the kill switch off, the only kind of malfunction that could cause the modern to work is a short circuit. Statisticaly, the kind that if you had one, it would cause other problems first. Frankly, the level of security you are seeking can only be obtained by taking charge yourself. Understand the hardware and software to the point you could actually hack it yourself; then you will have what you are looking for.
:wq



[ SRA accepts you ]

Everyone wants me to quit using NetBSD
  Reply
#4
(08-23-2023, 11:38 PM)KC9UDX Wrote: When you turn the kill switch off, the only kind of malfunction that could cause the modern to work is a short circuit.  Statisticaly, the kind that if you had one, it would cause other problems first.  Frankly, the level of security you are seeking can only be obtained by taking charge yourself.  Understand the hardware and software to the point you could actually hack it yourself; then you will have what you are looking for.

What ment by turning off the bluetooth and wifi is by keeping the hardware switch in the up position on the back of the phone but on the screen you can see the icons but they have that off or line saying they are off. Thats what i want to know and have some suspicions that the software may say they are off but it might really be on still allowing anybody with the right tools to connect to it.
  Reply
#5
(08-24-2023, 06:55 AM)aular Wrote:
(08-23-2023, 11:38 PM)KC9UDX Wrote: When you turn the kill switch off, the only kind of malfunction that could cause the modern to work is a short circuit.  Statisticaly, the kind that if you had one, it would cause other problems first.  Frankly, the level of security you are seeking can only be obtained by taking charge yourself.  Understand the hardware and software to the point you could actually hack it yourself; then you will have what you are looking for.

What ment by turning off the bluetooth and wifi is by keeping the hardware switch in the up position on the back of the phone but on the screen you can see the icons but they have that off or line saying they are off. Thats what i want to know and have some suspicions that the software may say they are off but it might really be on still allowing anybody with the right tools to connect to it.

And that's precisely why you need to understand the hardware and software for yourself.  If you don't trust us to tell you the modem can't work with the privacy switch in the off position, then you really can't trust anyone to tell you anything else you'd like to hear about it. Nor should you.  Take your security into your own hands.
:wq



[ SRA accepts you ]

Everyone wants me to quit using NetBSD
  Reply
#6
It shall be noted that WiFi and Bluetooth are handled by the same chip on the PinePhone (and also on the PinePhone Pro, though it is a different chip than on the original PinePhone), which is why there is only one hardware kill switch for both. So if you turn off only WiFi or Bluetooth in software, the chip will by design still be operating to handle the other one. Only turning both off can possibly power down the chip altogether, though I do not know whether that is the case, and as @KC9UDX has pointed out, you should not take my word for it either way anyway.
  Reply
#7
I did say that when the wifi chip and bluetooth were on meaning the killswitches were in the up position on the back of the phone. Thats why i asked if anybody who is a security researcher can check if there is any bugs in the chip when they are not connected to wifi or bluetooth device and if they appear off on the screen but are really on.
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  power circuit can't charge battery and can't supply enough power for modem or wifi vortex 2 720 02-17-2024, 04:15 PM
Last Post: vortex
Question bluetooth speakers and pinephone pro Supervisor 2 1,372 01-30-2023, 09:21 AM
Last Post: Supervisor
  No wifi/bluetooth on multiple OS's Xxancap15 1 1,220 10-28-2022, 12:10 PM
Last Post: fxc
  Wifi no scan results - Bluetooth adapter not available emsyr 1 1,507 08-29-2022, 02:46 PM
Last Post: emsyr
  Why not Atheros ath9k_htc for wifi? altulke 13 7,211 08-11-2022, 01:01 PM
Last Post: auanta
  Did i break my wifi with the keyboard? captchasolver 5 3,415 02-10-2022, 03:39 PM
Last Post: pothos
  Wifi doesn't respond jmlich 6 4,524 02-04-2022, 06:50 PM
Last Post: bcnaz
  Suddenly WiFi signal strength is poor cinix 4 3,702 09-26-2021, 04:19 PM
Last Post: cinix
  Wifi/BT interface not detected aithal 17 15,504 05-30-2021, 11:10 AM
Last Post: Krasimir
  WIFI not available after anx7688 update failure frimmel 21 20,406 05-11-2021, 02:45 AM
Last Post: frimmel

Forum Jump:


Users browsing this thread: 1 Guest(s)