←back to thread

Show HN: Bluetooth USB Peripheral Relay – Bridge Bluetooth Devices to USB

(github.com)
233 points bahaaador | 5 comments | 13 Nov 24 13:24 UTC | HN request time: 2.891s | source

Hi HN! I built Bluetooth USB Peripheral Relay, a tool that lets Bluetooth devices (like keyboards and mice) connect to USB-only hosts using a Raspberry Pi Zero W.

Why? My friend needed a way to use his Bluetooth mouse and keyboard on a PC with Bluetooth disabled due to policy restrictions. This tool acts as a bridge, relaying Bluetooth input over USB. It also lets you use Bluetooth peripherals with older devices that only support USB input.

Tech: Written in Go, optimized for Raspberry Pi Zero W.

I love HN’s community and often lurk here—I’m hoping this project is useful or at least sparks some interesting discussions. Feedback and contributions are welcome!

Show context
ChrisMarshallNY ◴[13 Nov 24 15:12 UTC] No.42126707[source]
> This project was born out of a desire to help a friend who couldn't use his favorite Bluetooth mouse and keyboard due to Bluetooth being disabled on his work laptop.

Protip: If their company's IT section is like the one at my old company, they are quite unlikely to like this solution, either.

But it's very clever. Kudos.

replies(5): >>42126815 #>>42126875 #>>42127410 #>>42127461 #>>42127923 #
bahaaador ◴[13 Nov 24 15:24 UTC] No.42126815[source]
Thank you for sharing your thoughts, I had thought about this as well but came to the conclusion that from the company's perspective, this is no different than connecting a random keyboard bought from Amazon, what do you think?

Another thought around this is that I don't even think there's anything intrinsically insecure about BT as an attack vector but most likely some old policy based on security issues that existed in the early days of Bluetooth. Or at least I don't know of any, but I'm no expert in this so I would love to hear other people's insights here.

replies(2): >>42126869 #>>42127380 #
1. wongarsu ◴[13 Nov 24 16:20 UTC] No.42127380[source]
Secure bluetooth requires manufacturers to get the cryptography right. Even big brands like Logitech have gotten that wrong in recent memory, allowing attackers both to decrypt what you type [1] and to inject keystrokes [2]. And these are long-lived devices, even if vulnerabilities get patched in newer devices there are still plenty of 5 year old or older mice and keyboards with outdated firmware floating around. Not to mention the possibility of 0-days known to your attacker.

Wired connections are inherently more difficult to attack. In security critical applications banning bluetooth is perfectly reasonable.

[1] https://www.youtube.com/watch?v=GRJ7i2J_Y80

[2] https://www.youtube.com/watch?v=EksyCO0DzYs

replies(1): >>42127500 #
2. prmoustache ◴[13 Nov 24 16:31 UTC] No.42127500[source]
Same with keyboards and mouses which use insecure usb radio receivers. This company policy doesn't really prevent that.

The best way to correctly fight Shadow IT is to provide equipment and services so good nobody would even care using something else.

replies(2): >>42127662 #>>42127951 #
3. wongarsu ◴[13 Nov 24 16:50 UTC] No.42127662[source]
I'm always a proponent of just spending some money on your office equipment. Even a $90 mouse and $200 keyboard costs less than a tenth of a percent of salary of an average office worker, never mind developer (amortized over a very conservative 5 year lifespan). Give people the option to choose between 2-3 sanctioned models, throw in some vertical mice and split keyboard options and you can even brag about how much you care about your employees' health.

Some people will always want to bring their own equipment, but a lot of it is caused by penny pinching or lack of options

replies(1): >>42128705 #
4. kelvinjps10 ◴[13 Nov 24 17:16 UTC] No.42127951[source]
But what they offer is crap, I like that my company let's me change the equipment
5. vel0city ◴[13 Nov 24 18:41 UTC] No.42128705{3}[source]
> Give people the option to choose between 2-3 sanctioned models

It quickly grows past the 2-3 sanctioned models. Everyone wants something not on the list, lots of bickering of "why was that model chosen?", etc. Well that pre-approved model is $150, this is only $175. Bob got that $175 model, this is only $200, it's not that much. Jenny got that $200 model, this is only $250. Jenny's got a $250 keyboard? I gotta upgrade, here's this $300 model... Wait did the company just buy Bill a 55" 4K display? I need that too...

Suddenly your $150/person budget has exploded to replace everyone's equipment for $1,000+ otherwise it's just not fair someone else got more.

Personally I'm fine with me buying and owning my own kb+m. Maybe give a once a year or two office hardware stipend or whatever. Then otherwise make basic stuff available for free. If you're wanting a $200 keyboard you're probably wanting a particular $200 keyboard, and it's probably not one of those 2-3 approved models.