cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
ts
Contributor
  • 5
  • 8
  • 0
Registered since

Apr 16, 2018

possible security vulnerability in QC35 I/II

Dear Bose team,

 

I already contacted your local support a while ago and bumped you on twitter recently. Unfortunately no feedback.

But I'm sure this might interest you anyway. I didn't spend the effort to make a real proof of concept but I think me and for sure others should be able to mess up your customer's phones :(.

 

The "attack" is unfortunately quite easy but the solution might be a little more complicated for devices in the field.

So please, get in touch with me via mail (you got my contact data) as I don't want to unnecessarily want to publish the vector in public (for now).

 

BR,

ts

 

PS: my mail address is not my everyday, also I'm not in US time zone - so please expect some delay.

Feel free to delete this post if you got in touch with me. If you're taking this a sh.tpost, please don't.

I just want you to give it a little more attention than the other ways I tried to reach you.

9 REPLIES 9
Mohsin_S
Moderator - Retired
  • 0
  • 2555
  • 115
Registered since

Dec 15, 2016

Re: possible security vulnerability in QC35 I/II

Hello ts,

 

Sorry if we missed you. But we do take these types of concerns seriously. Please send us an email to privacyandsecurity@bose.com, and someone will follow up with you.

 

Thank you,

 

 

Mohsin - Community Support.

ts
Contributor
  • 5
  • 8
  • 0
Registered since

Apr 16, 2018

Re: possible security vulnerability in QC35 I/II

Thanks, Mohsin for the contact.

 

For those who are curious: I will not disclose anything until Bose got the fair chance to introduce a fix.

maxnuk
Leader
  • 88
  • 517
  • 7
Registered since

Mar 24, 2018

Re: possible security vulnerability in QC35 I/II

I do not want to know how you did it. But could you say what it affects? 
Because I know several security flaws in bluetooth, such as BLUEBORNE.
Thanks,
Marcel M.
ts
Contributor
  • 5
  • 8
  • 0
Registered since

Apr 16, 2018

Re: possible security vulnerability in QC35 I/II

Hi,

 

This issue has nothing to do with blueborne.

I'm still waiting for a reply from Bose.

 

sorry but I won't get into details now 😞

 

BR, ts

 

maxnuk
Leader
  • 88
  • 517
  • 7
Registered since

Mar 24, 2018

Re: possible security vulnerability in QC35 I/II

yes, it has nothing to do with the blueborne, because it is old. When you can make it available for us, let us know, thank you!

(Even if it takes time, let us know).

Thanks,
Marcel M.
Mutnat
Mentor
  • 117
  • 382
  • 13
Registered since

Feb 3, 2017

Re: possible security vulnerability in QC35 I/II


@tswrote:

Thanks, Mohsin for the contact.

 

For those who are curious: I will not disclose anything until Bose got the fair chance to introduce a fix.


 

@ts thanks for bringing this to their attention!  I'm curious what you will consider a "fair chance"?  Moving at The Speed of Bose unfortunately appears to be agonizingly slow based on my personal observations of this community over the past 14 months or so. Unfortunately, I doubt we will see a quick turnaround time.  😞

*** Please Note: I do not work for Bose; please don't private message me your support questions!
ts
Contributor
  • 5
  • 8
  • 0
Registered since

Apr 16, 2018

Re: possible security vulnerability in QC35 I/II

@Mutnat

My understanding of "fair chance" is getting response in reasonable time, taking issues serious and working them in a professional manner.

 

Regarding reaction time: we sure have to distinguish between community/forum (no offense!) and the higher levels of support respectively other departments. The hardest part sure is to get there.

 

@maxnuk: it will definitely take some time (just due to processes). It is too early to tell if and when there will be a disclosure. As I'm not interested in harming Bose and us as customers, I will handle this as responsibly as possible.

 

 

maxnuk
Leader
  • 88
  • 517
  • 7
Registered since

Mar 24, 2018

Re: possible security vulnerability in QC35 I/II

I say this because I'm doing a custom ROM.

XD (if anyone cares to help too)

Thanks,
Marcel M.
Mohsin_S
Moderator - Retired
  • 0
  • 2555
  • 115
Registered since

Dec 15, 2016

Re: possible security vulnerability in QC35 I/II

Hi ts,

 

Thank you for your assistance with this! We have more information on this here.

 

Thanks again, and take care,

 

Mohsin