The article is a security company trying to hype their company with a theoretical attack that currently has no hypothetical way to be abused
The article has an update now fixing the wording to “hidden feature” but, spoilers, every BT device has vendor specific commands.
The documentation of the part just wasn’t complete and this companies “fuzzing” tool found some vendor commands that weren’t in the data sheet
The China part just came from OP
If they’re being shared as disk images, basically every Blu-Ray has an embedded Java program, also
The Ubuntu security team only supports the ~2,000 packages in “main”
Things like ffmpeg are in “universe” and only get security updates if you subscribe to Ubuntu Pro
Debian’s security team has always been significantly more responsive than Ubuntu. It’s regularly had CVE fixes in older versions of Debian that newer versions of Ubuntu don’t bother to pull into universe
You can even trivially run your own server on an old Raspberry Pi.
I used to run one on a Pi 2 that would regularly have ~100 concurrent users without any hiccups
That’s separate from what OP is talking about. The on-device encryption is decent
For data on Apple’s servers (which they push icloud by anemic device storage…) Apple themselves publish that they give access to user accounts 90% of the time in the US
I agree, but unfortunately, this has become common since Heartbleed, and they seem to be able to sell their snake oil to CTOs…