Category: Android TV

Multiple active exploits could affect iPhone use of Bluetooth.

Flipper Zero hacker tool could be used to trigger iPhone DDoS attack using Bluetooth signals by AirPods, HomeKit accessories, etc. These signals usually trigger popup on iPhone allowing to connect to headphones or perform other actions. Crafting these signals in a specific way could result in iOS restart.

Newly discovered BLUFFS attack could be used to impersonate devices and trigger disclosure of private information. It is not yet clear, if AirDrop is affected by this attack as it uses more than just Bluetooth to authenticate the device. However, it is still possible to hijack audio or other Bluetooth connection. Fix would require device manufacturers to modify security mechanisms of Bluetooth stack.

References:

• Flipper Zero can still crash iPhones running the latest version of iOS 17
• Bluetooth security flaws allow connections to be hijacked; AirDrop unlikely to be affected [U]

"Kids' Code" bill passed in California. This bill requires apps to be kids-safe by default.

A Californian bill colloquially known as the Kids’ Code has been unanimously passed by the State Senate, following earlier approval by the State Assembly. It now requires the signature of Gov. Gavin Newsom to take effect.

9to5Mac

Apps should have guardrails for users under 18. This requirement might affect features of the applications, age verification might be required for more app sections.

Reference: Kids’ Code bill passed in California, apps must be child-safe by default

Okta, single sign-on provider, recently got hacked. Clients using Okta for authentication are at risk.

After a thorough analysis of these claims, we have concluded that a small percentage of customers — approximately 2.5% — have potentially been impacted and whose data may have been viewed or acted upon. We have identified those customers and are contacting them directly. If you are an Okta customer and were impacted, we have already reached out directly by email. We are sharing this interim update, consistent with our values of customer success, integrity, and transparency.

Okta

Reference:

• Okta security breach may affect Mac and iPhone enterprise setups; vigilance urged
• Okta Statement on Breach by Hackers
• Okta hack may have impacted 366 clients; company says it should have acted faster

As of May 2021, Google reported 80 million active devices, meaning 30 million new devices in use since that date. A large portion of that growth likely comes from latest the Chromecast with Google TV, as well as TCL’s Android TV OS models that the company this week announced sell 10 million units annually.

Google also notes that growth came from its partners, which now number over 250 globally. That includes over 170 Pay TV operator partners — up from 140 in 2019. However, the growth isn’t solely from Pay TV, as Google also says that it is now working with seven out of the top 10 smart TVs OEMs worldwide, notably including names such as TCL, Sony, and Hisense, which all launched Google TV models at CES 2022. At CES, Google also announced that Fast Pair would be coming to Android TV OS.