Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome 56 Quietly Added Bluetooth Snitch API (theregister.co.uk)

Posted by msmash on from the what's-really-happening dept.

Richard Chirgwin, writing for The Register: When Google popped out Chrome 56 at the end of January it was keen to remind us it's making the web safer by flagging non-HTTPS sites. But Google made little effort to publicise another feature that's decidedly less friendly to privacy, because it lets websites ask about users' Bluetooth devices and harvest information from them through the browser. That's more a pitch to developers, as is clear in this YouTube video from Pete LePage of the Chrome Developers team. "Until now, the ability to communicate with Bluetooth devices has been possible only for native apps. With Chrome 56, your Web app can communicate with nearby Bluetooth devices in a private and secure manner, using the Web Bluetooth API," Google shares in the video. "The Web Bluetooth API uses the GATT [Generic Attribute Profile - ed] protocol, which enables your app to connect to devices such as light bulbs, toys, heart-rate monitors, LED displays and more, with just a few lines of JavaScript." In other words, the API lets websites ask your browser "what Bluetooth devices can you see," find out what your fridge, and so on, is capable of, and interact with it.

3 of 229 comments (clear)

  1. Excuse me, I'm from Computer Services by ausekilis · · Score: 4, Insightful

    "Excuse me, I'm from the computer services group, and your A/C appears to be acting up... It's reporting . Please go to this website and click 'Accept' to all the prompts and we can diagnose it remotely".

    Yea, no problem catching idiots with that...

  2. Re:More evil by werewolf1031 · · Score: 5, Insightful

    It makes sense to have the ability for web apps to interface w/BT devices

    Care to explain how this makes any sense at all? 'Cause right now all I see is the potential for massive security and real-world safety vulnerabilities.

  3. ... in a private and secure manner by Errol+backfiring · · Score: 4, Insightful

    your Web app can communicate with nearby Bluetooth devices in a private and secure manner, using the Web Bluetooth API

    Given the fact that even the battery API was abandoned for privacy reasons, I just don't believe it is ever possible to do this securely and privately. This is just an attack vector begging to be exploited.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!