Latest news with #BluetoothLowEnergy
Irish Independent
10-07-2025
- Irish Independent
Twitter founder Jack Dorsey launches WhatsApp rival that works offline
Bitchat instead operates using a phone's Bluetooth signal, which allows users to communicate during situations such as music festivals or protests where mobile signal is patchy or restricted. Bluetooth typically has a range of around 100 metres. However, Bitchat overcomes this technical limitation by using something called a Bluetooth mesh network, which relays messages through other users in the vicinity. The service is completely decentralised and encrypted, according to a white paper detailing Bitchat, with the network not requiring a user's email address, phone number or an account to operate. 'Bitchat addresses the need for resilient, private communication that doesn't depend on centralised infrastructure,' the app's white paper states. 'By leveraging Bluetooth Low Energy mesh networking, Bitchat enables direct peer-to-peer messaging within physical proximity, with automatic message relay extending the effective range beyond direct Bluetooth connections.' Mr Dorsey shared details of the app in a post on X, revealing that it has a range of more than 300 metres through Bluetooth mesh networking, while no centralised server means there is no tracking or data collection. Messages also disappear by default, with optional group chats – referred to as 'rooms' – allowing users to interact with multiple people at the same time. Future updates to the app could allow for faster and longer-range communication through wifi networks, according to Mr Dorsey. The peer-to-peer nature of the app aligns with other projects launched by Mr Dorsey in recent years. He has focused on censorship-resistant technologies since leaving Twitter.
Arabian Post
09-07-2025
- Arabian Post
Bluetooth Mesh Messaging App Pioneered by Twitter Co‑Founder
Jack Dorsey, the co‑founder of Twitter and current head of Block, has introduced Bitchat, a peer‑to‑peer encrypted messaging tool that operates entirely without internet or cellular networks, relying instead on Bluetooth Low Energy mesh technology within a 300‑metre radius. It is currently available in beta via Apple's TestFlight, which has already reached its 10,000‑user capacity. The app enables fully decentralised communication: messages hop from device to device using BLE mesh, allowing users to stay connected when internet access is unavailable or censored. Messaging channels can be secured with passwords, and a 'Panic Mode' wipes all data instantly with a triple logo tap. No registration, phone number or email is required, and the system collects no user data. Messages are end‑to‑end encrypted using Curve25519 and AES‑GCM, with default ephemeral storage unless manually saved. Dorsey revealed on X that he explored Bluetooth mesh networks over the weekend and shared a white paper on GitHub explaining the app's focus on resilient and private communication. The app is inspired by projects such as FireChat and Bridgefy—tools which have proven useful during protests and internet shutdowns, notably in Hong Kong. Bitchat extends this with a claimed effective range of over 300 metres—roughly triple that of Bridgefy—and plans to support Wi‑Fi Direct to broaden its mesh network capabilities. ADVERTISEMENT Security features include anonymous usage without accounts, channels secured with AES encryption, and encrypted peer‑to‑peer private messaging between users. Group chats, IRC‑style commands and message compression are part of the design, as is adaptive battery optimisation to maintain device performance. The app is currently exclusive to iOS and macOS via TestFlight, but Dorsey has indicated an Android version is under development. With the beta invite list full, a public release date has not yet been set. The company's white paper emphasises metadata avoidance and message ephemerality, citing alignment with Bitcoin's decentralised ethos by removing central authorities from communication. Bitchat arrives amid growing interest in decentralised and resilient communications tools. Analysts note that while mesh networking apps are not new, few measure up in range, encryption rigour, or user privacy. Bridgefy, a notable precedent, was later criticised for cryptographic vulnerabilities, leading to adoption of the Signal protocol—while Bitchat claims to avoid similar pitfalls through robust encryption standards. Potential use cases for Bitchat include crisis zones, natural disaster regions, remote areas lacking infrastructure, and locations under communication blackouts. Dorsey's track record—founding Twitter and later Bluesky, and his leadership of Block, notably through heavy investment in Bitcoin—signals a philosophical commitment to decentralisation, user autonomy and privacy. The app's design also emphasises simplicity and anonymity: users generate transient peer IDs on each launch, eliminate central logs, and ensure messages are transient unless explicitly saved. Security is bolstered by the use of established encryption algorithms and protocols. Despite promising technical architecture, questions remain about real‑world adoption. Bluetooth mesh networks depend on device density and proximity, raising concerns about reliability in low‑density areas. Battery consumption and performance under high traffic are also key concerns, though Dorsey's team is reportedly working on optimisation. Competition in secure messaging is fierce: applications like Signal, Threema and Briar already offer encrypted and decentralised messaging with robust privacy guarantees. Signal remains a leader, storing no user data and widely used by security‑aware demographics. Briar uses Bluetooth, Wi‑Fi, Tor and USB relays to facilitate anonymous communication, particularly in censored environments. Threema provides account‑less encrypted messaging backed by a one‑time purchase model. These tools set the bar Bitchat must meet or exceed. Bitchat's core innovation lies in its infrastructure‑free design and range, which may enable reliable communication in infrastructure‑compromised settings. Future enhancements, such as Wi‑Fi Direct support, group file sharing and cross‑platform compatibility, will determine whether it becomes a practical tool rather than an experimental curiosity.
Mint
08-07-2025
- Mint
Jack Dorsey quietly dropped a game-changing chat app and it's already full: All about it
Tech entrepreneur Jack Dorsey has announced a new decentralised messaging application called Bitchat, designed to operate without the internet and without requiring personal information. Bitchat, described by Dorsey as a 'weekend project', enables peer-to-peer messaging through Bluetooth Low Energy (BLE) mesh networks, allowing users to communicate within a range of over 300 metres, even in the absence of cellular or Wi-Fi connectivity. The app is currently available in beta via Apple's TestFlight, although early access slots were filled shortly after the announcement. According to a whitepaper published on GitHub, Bitchat allows for direct device-to-device messaging, where each phone simultaneously acts as both sender and receiver. This system supports multi-hop message transfers, meaning a message can pass through several nearby devices to reach its destination, further extending its operational range. Crucially, the app does not require a phone number, email, or any form of account to function. This, paired with its decentralised infrastructure, which is free of servers or central control and makes Bitchat highly resilient to censorship and network disruptions. Messages are stored ephemerally in device memory, with automatic caching in place if a recipient is temporarily unreachable. Messages are then delivered when the recipient reconnects to the mesh network. The platform features a tiered message retention system. Standard messages are automatically deleted after 12 hours, whereas messages marked as 'favourites' are preserved indefinitely. For security, Bitchat uses end-to-end encryption, combining the Curve25519 elliptic curve with the AES-GCM encryption algorithm for a layered approach to data protection. Functionality-wise, Bitchat offers familiar tools such as mentions to tag users and topic-based rooms, akin to channels on platforms like Discord. Rooms can also be secured with passwords for added privacy. Dorsey highlighted the app's unique position in the current messaging ecosystem, noting that its infrastructure-free design and lack of identifying requirements offer an alternative to surveillance-prone and centralised platforms.
The Hindu
08-07-2025
- Business
- The Hindu
Twitter co-founder Jack Dorsey introduces early version of bluetooth messaging app, Bitchat
Twitter co-founder Jack Dorsey revealed that he was working on a messaging service called Bitchat that relies on Bluetooth mesh networking to enable communication even without the internet. '[M]y weekend project to learn about bluetooth mesh networks, relays and store and forward models, message encryption models, and a few other things. bitchat: bluetooth mesh vibes,' posted Dorsey on X on Monday (July 7, 2025), likely referring to the aesthetics of Internet Relay Chat protocols from the past. According to a graphic that Dorsey shared, Bitchat will include features such as offline communication up to a range of more than 300m, end-to-end encryption, topic-based rooms, password-protected rooms, mentions, and a 'favourites' system. So far, the design appears to be minimalistic and resembles a programming or coding surface in terms of its UI. Privacy is set to be a key factor, as Dorsey noted that there would be no servers, accounts, or data collection. '[B]itchat addresses the need for resilient, private communication that doesn't depend on centralized infrastructure. By leveraging Bluetooth Low Energy mesh networking, bitchat enables direct peer-to-peer messaging within physical proximity, with automatic message relay extending the effective range beyond direct Bluetooth connections,' noted Dorsey in a whitepaper that he shared. An early version of Bitchat is currently undergoing its app store review, he told another X user. The app has also hit its beta tester limit. Dorsey previously worked on the social media platforms Twitter (now X) and its decentralised off-shoot Bluesky. However, Musk bought X and Dorsey is no longer associated with Bluesky.
Arabian Post
25-06-2025
- Arabian Post
Realtek Bluetooth SDK Flaws Expose Weakness in Device Pairing
A newly disclosed series of vulnerabilities in Realtek's Bluetooth Low Energy implementation jeopardises the stability and security of connected devices, with one issue rated medium and another deemed high severity. The exposed flaws, affecting the RTL8762E BLE SDK version 1.4.0 and its EKF‑EVB derivative, allow attackers to trigger denial‑of‑service conditions during the pairing process by injecting crafted packets at precise stages. The first flaw, identified as CVE‑2024‑48290, emerges from inadequate validation in the BLE protocol's termination routine. An attacker positioned within Bluetooth range can send a maliciously formed llterminateind packet, causing the target device's Bluetooth stack to crash and interrupt communications. Assigned a CVSS 3.1 base score of 4.3, the vulnerability affects devices using Realtek's standard RTL8762E BLE SDK v1.4.0. It requires no privileged access or user interaction, making it easily exploitable over adjacent networks. A second, more severe vulnerability—CVE‑2025‑44531—was added to the National Vulnerability Database on 24 June 2025. This flaw occurs earlier in the pairing exchange, when a crafted payload is delivered before the public key is received. The Bluetooth stack fails to manage the premature input, resulting in uncontrolled resource consumption and forcing a system crash. With a CVSS 3.1 score of 7.5, this vulnerability poses a high risk by enabling attackers with zero privileges and only network proximity to disrupt device functionality. ADVERTISEMENT Both issues affect the same SDK version and stem from fundamental flaws in protocol resilience. The latter vulnerability, categorized under CWE‑400, highlights a broader weakness in resource management during handshake procedures. Security analysts warn that the practical impact of these flaws depends on device deployment. The RTL8762E chip is used extensively in IoT devices such as fitness trackers, smart locks, wireless earbuds, and automation hubs. Disruption of Bluetooth services in such devices can compromise availability and user trust, particularly in environments where Bluetooth is integral to operation or security. Realtek has reportedly issued patches on its official communication channels, though timelines and distribution mechanisms remain unclear due to the closed‑source nature of firmware updates. Enterprises integrating devices with the affected SDK are strongly advised to consult their vendors for firmware updates or consider disabling BLE pairing until mitigation is confirmed. Independent researchers have recommended several interim safeguards. These include enabling rate limiting during pairing, enforcing stringent validation of early‑stage packets, and monitoring for abnormal pairing attempts. However, only confirmed vendor patches can fully rectify protocol loopholes at source. The fact that both vulnerabilities resurface around the same SDK version amplifies concern over code audit practices. Bluetooth protocol stacks are notoriously complex, and previous studies—such as the BLURtooth and Secure Connections Only research—have underlined long‑standing industry challenges in robust implementation. Even established chip vendors have struggled to prevent pairing or transport‑layer manipulation. In the context of BLE's expanding role, particularly in the Internet of Things and proximity‑based systems, exploitation of such low‑level vulnerabilities could become a vector for broader disruption. A stabilised BLE stack is foundational to ensure not only connectivity but also higher‑layer security features that rely on pairing integrity. The coordinated disclosure of these vulnerabilities underscores the need for continued scrutiny of common embedded SDKs. It also emphasises the importance of rapid patching by device manufacturers—especially when source code control is limited or obfuscated. Organisations managing fleets of BLE‑enabled hardware are urged to audit device firmware, liaise with vendors, and monitor for updates. While no evidence currently indicates active wide‑scale exploitation of CVE‑2024‑48290 or CVE‑2025‑44531, the low complexity and zero‑interaction requirements mean that trending threat actors could weaponise them quickly. Consequently, the window for mitigation before operational disruption is narrowing. Ahead of final vendor fixes, network administrators and system integrators may consider segmenting BLE traffic, deploying anomaly detection systems to flag improbable pairing behaviour, and applying stricter access controls on wireless interfaces. Such steps can reduce exposure while awaiting comprehensive SDK updates.
