Monday February 06, 2017

Chrome 56 Quietly Added Bluetooth Snitch API

The folks over at The Register noticed something interesting about the latest Chrome 56 release over the weekend that seems to have gone mostly unnoticed, despite Google announcing it in the video below. Webpages can now communicate with nearby Bluetooth devices using the Web Bluetooth API, and by "communicate" they mean that, with a few lines of JavaScript, webpages can "discover and control" nearby devices.

While I am sure there are some great potential uses for this capability, and the user does have to grant permission, it does not seem to be a stretch to envision how this might be abused. As The Register points out, the response on Twitter was pretty harsh.

As pointed out to The Register last year by privacy researcher Lukasz Olejnik, the API makes it possible for site owners like Google to gather a huge amount of privacy-intrusive information. The Web Bluetooth API community would have trouble denying this, since its first example code is for retrieving data from a heart rate monitor.