Consider blocklisting Qualcomm CSR firmware update service

[pdjstone]

The service UUID is 00001016-d102-11e1-9b23-00025b00a5a5

The only information I could find on that service is here: https://www.csrsupport.com/download/49800/CS-327746-RP-1-Training%20and%20Tutorials%20-%20CSR%20Over-the-Air-Update.pdf

The protocol seems to do challenge-response with a shared key, rather than properly signing the firmware.

[beaufortfrancois]

Thank you @pdjstone! I believe we should blacklist Qualcomm (CSR) OTA Update service.

@jyasskin WDYT? See PR at #21

[beaufortfrancois]

@pdjstone On an unrelated note, can you tell us more about https://github.com/pdjstone/cloudpets-web-bluetooth/issues/1?

[scheib]

I've reached out to Qualcomm staff and am anticipating a response here.

[jyasskin]

Blacklisting an update service that's only secured with symmetric keys sounds good to me. Sorry for missing this. Let's give Qualcomm until the 14th (1 week from @scheib's message) to respond?