Something I will be considering when I’m ready to get my next smartphone and my next set of hearing aids at about the same time in 2022 or 2023, when BT LE is out and widely available and tested and 5G is fully mature and widely available.
Qualcomm has already provided a security patch, which almost certainly will have been deployed to all affected phones by 2022 (if the chip has not been substituted by a newer model by then).
I hate to repeat myself, but it should never be about the smartphones; it should be about what is the best hearing aids for your hearing loss.
Attackers would only have to convince someone to install a seemingly benign app that bypasses usual security measures
I don’t see a problem - don’t install apps from unknown sources, and read reviews for an app before installing it from Google store, and probably skip those with less than a few thousand downloads.
And be more alert which apps you do want to install in the first place.
That’s a good precaution in general, independent of the OS your phone has.
Of course - always first priority.
I really don’t think the average user has anything to be concerned about from these bugs. Literally every computer on earth has bugs that can allow this type of access. Every Intel processor computer on the planet has hundreds of known bugs that may or may not be corrected that allow all kinds of malicious access. But, you never hear about them being exploited. Because it’s far easier to socially engineer someone to get them to simply give up their information.
We literally put spying devices in our homes, like Ring cameras, Alexa, Google Assistant. We share our location data with Facebook, Twitter, Pokemon, and it gets embedded by default into every picture someone takes. Your personal details get hacked on a monthly basis through credit card processing and data broker companies you’ve never heard of or worked with directly that have no legal requirement to discuss those incidents publicly because of NDAs with the companies you do do business with.
Real life is a security nightmare. If we were all really worried about privacy, we’d never carry a mobile phone in the first place (because even non-smartphones these days have GPS for e911).
Never power up a device that is on the internet without a total protection package, of VPN, AV, ad blockers, and malware prevention. And even then you will never be totally protected.
I think it depends on what problem one is trying to solve. If one’s major complaint is that they work on the phone all day and have difficulty understanding, then phone connectivity might be something to prioritize. I really think we (including myself) put way too much emphasis into the fine details of hearing aids on the forum. I would imagine most of us, if fit properly with a hearing aid from one of the Big 6, would have a hard time telling the difference from other hearing aids.
I have to disagree. Yes, I may be able to hear some things, but it has taken 15 years of different hearing aids to find my fit. And even then it has taken 10 years of learning to hear with a certain brand of aids. Before getting my last hearing aids, my audi and several other Audis in the clinic and I talked about all of the brands and the advantages and disadvantages, and I decided to listen to the ones that should know, and they did for me. It may work the way you say for others, and more than likely for someone new to hearing aids it will work great. Learning to live with hearing loss and hearing aids is learning to hear all over again. And for some it is a quick process and for others it takes years. Well, it has taken me years to do so.
The question here was about vulnerabilities - not functionality.
My response was in response to this comment: “I hate to repeat myself, but it should never be about the smartphones; it should be about what is the best hearing aids for your hearing loss.”
My first set of hearing aids that had smartphone capabilities were the Oticon aids that at the time required the streamer device. I am not sure why Oticon chose to have it stream only to the iPhone, but they did. At the time I was using a Samsung Note 1 or 2, I am not sure which it was. I had nothing but trouble with it for the 3 years I had it, and AT&T replaced it 2 times. When the VA gave me the Oticon aids, and the streamer, home phone adapter, and the TV adapter, I was ready to throw that Samsung in the trash. I made two decisions that I have never regretted: the first was to buy my phone outright for my own so I could change carriers if I so pleased, and the second was getting the iPhone 5s. Yes, there was a learning curve, but unlike what you are talking about I was retired, I didn’t have a leash around my neck to some corporation, so I was free to think for myself. I haven’t regretted it at all. I have ditched Microsoft and I have been so less stressed in doing so. I still have Android devices around that I use, and my wife, being the independent person she is and that I love, does have a Samsung Note, and a Microsoft laptop, and an Android tablet, but she knows that I can no longer help her with them.
We all have different needs. Hearing better is the priority, whether it’s face to face or on a phone.
What I have learned is when you get it right face to face usually Bluetooth will fall into place if not better. I actually hear better on the phone than face to face but hearing really sucks.
I’m sure whatever security defects exist on either protocol now will be long gone in 2 or 3 years…
to be replaced by new ones.
As someone that is now retired but has worked with hardware and software since 1969, there will always be bugs and flaws to be found. We had a saying: for every bug we found in a major software package, there were at least one hundred that weren’t found yet. I am sure that is so much truer today, seeing how fast they are coming up with new stuff to keep people happy, that always have to have the latest and the so-called greatest.
I think the crux of the article was because of the necessary security behind a DSP chip in a phone, it was very hard to discover the Qualcomm vulnerabilities. So cracking the DSP security to discover flaws has opened up a new vista on potential security flaws we were ignorant of.
I guess if security is not such a big deal, i.e. S---- happens, etc., then there is no point in banning TikTok etc.
I do think being aware of security flaws and steering away from folks doing a lousy job on security is one of the main ways to get OEMs to do things right. Blowing it off will only make it worse.
How bad can it be?! Just ask the folks who got victimized by EternalBlue (materialized in the form of WannaCry ransomware and other hacks). Apple has made a very big deal of security and privacy, refusing to supply backdoors to the federal government. So at least Apple thinks (to some folks) that security matters a big deal. I think most corporations would not be happy with users running around with insecure phones nor tolerate the excuse, “Well, this is the one that works best for best HA use …”
Normally so very true
I think many of us (at least me) are on security overload. How many of us are concerned with router security? See Routersecurity.org. There are a whole bunch of things one can be concerned about. I do some and consider it “good enough.”
My favorite old quote on this topic: