Hello!
BTT relies on an default open port to allow for BTTRemote pairing. Coupled with the high level of privileges that BTT and the remote abilities that it supports, a misconfiguration or bug with the authentication of BTTRemote could make BTT an easy target for remote privilege escalations.
Is it possible to release a security focused build of BTT that does NOT have BTTRemote features while retaining the other great features for gesture / touchbar customization?
Kelvin
You can turn off BTT Remote support in the preferences, then there won't be an open port.
Or using this terminal command:
defaults write com.hegenberg.BetterTouchTool BTTRemoteEnabled NO
The BTT Remote port usually is only accessible from within your network (unless explicitly forwarded in your router config).
On more security focused systems I'd definitely recommend to install a Firewall like Little Snitch anyways - malicious user presets loaded into BTT could also execute terminal commands to open a port.
Hi, I have the same issue with BetterTouchTool. Previously I have been using BTT for a long time and I really enjoyed the its power and flexibility. But my employer has enforced certain security measures that prevent me from using BTT due to the remote control feature. It would be great if BTT could release a "secure" version that simply do not allow remote control. This would be more corp-friendly and likely would benefit many other BTT users. Thank you!
