Skip to content

Zero-day: Bluetooth gap turns millions of headphones into listening stations

Technology
123 88 696
  • A speaker i have from bose is always on and "sleeping" and can be connected to from the phone no matter what i do, drains the fucking battery and when i want to use it finaly its dead.. wouldnt be surprised if some headphones worked the same..

    It sounds like they have some kind of wake function that it’s always listening for? I don’t think that’s a common feature in headphones just because of the battery drain, but they’re always chucking useless features on electronics so I’m sure some are floating around out there. I doubt it’s something you wouldn’t know about unless they were secondhand, though.

  • And this is why people wanted headphone jacks... and also why corporations didn't want them.

  • The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

    Source

    This is why I chose to get a Corsair Virtuoso, which has a removable microphone.

  • The flaws, discovered by German cybersecurity firm ERNW and first reported by Heise Online, affect dozens of headphone models from brands such as Sony, JBL, Bose, and Marshall, with no comprehensive firmware fixes available yet.

    • Sony WH-1000XM4/5/6, WF-1000XM3/4/5, LinkBuds S, ULT Wear, CH-720N, C500, C510-GFP, XB910N
    • Marshall ACTON III, MAJOR V, MINOR IV, MOTIF II, STANMORE III, WOBURN III
    • JBL Live Buds 3, Endurance Race 2
    • Jabra Elite 8 Active
    • Bose QuietComfort Earbuds
    • Beyerdynamic Amiron 300
    • Jlab Epic Air Sport ANC
    • Teufel Airy TWS 2
    • MoerLabs EchoBeatz
    • Xiaomi Redmi Buds 5 Pro
    • earisMax Bluetooth Auracast Sender

    ERNW emphasizes that this is only a partial list.

    Source

    Damn that's pretty big, hopefully they update and give a final list of affected devices. Not to mention, gotta pray the devices will see software updates to try and mitigate it.

  • I mean, there were legitimate technical issues with the standard, especially on smartphones, which is where they really got pushed out. Most other devices do have headphones jacks. If I get a laptop, it's probably got a headphones jack. Radios will have headphones jacks. Get a mixer, it's got a headphones jack. I don't think that the standard is going to vanish anytime soon in general.

    I like headphones jacks. I have a ton of 1/8" and 1/4" devices and headphones that I happily use. But they weren't doing it for no reason.

    • From what I've read, the big, driving one that drove them out on smartphones was that the jack just takes up a lot more physical space in the phone than USB-C or Bluetooth. I'd rather just have a thicker phone, but a lot of people don't, and if you're going all over the phone trying to figure out what to eject to buy more space, that's gonna be a big target. For people who do want a jack on smartphones, which invariably have USB-C, you can get a similar effect to having a headphones jack by just leaving a small USB-C audio interface with a headphones jack on the end of your headphones (one with a passthrough USB-C port if you also want to use a USB-C port for other things).

    • A second issue was that the standard didn't have a way to provide power (there was a now-dead extension from many years back that is now dead, IIRC for MD players, that let a small amount of power be provided with an extra ring). That didn't matter for a long time, as long as your device could put out a strong enough signal to drive headphones of whatever impedance you had. But ANC has started to become popular now, and you need power for ANC. This is really the first time I think that there's a solid reason to want to power headphones.

    • The connection got shorted when plugging things in and out, which could result in loud sound on the membrane.

    • USB-C is designed so that the springy tensioning stuff that's there to keep the connection solid is on the (cheap, easy to replace) cord rather than the (expensive, hard to replace) device; I understand from past reading that this was a major reason that micro-USB replaced mini-USB. Instead of your device wearing out, the cord wears out. Not as much of an issue for headphones as mini-USB, but I think that it's probably fair to say that it's desirable to have the tensioning on the cord side.

    • On USB-C, the right part breaks. One irritation I have with USB-C is that it is...kind of flimsy. Like, it doesn't require that much force pushing on a plug sideways to damage a plug. However --- and I don't know if this was a design goal for USB-C, though I suspect it was --- my experience has been that if that happens, it's the plug on the (cheap, easy to replace) cord that gets damaged, not the device. I have a television with a headphones jack that I destroyed by tripping over a headphones cord once, because the headphones jack was nice and durable and let me tear components inside the television off. I've damaged several USB-C cables, but I've never damaged the device they're connected to while doing so.

    On an interesting note, the standard is extremely old, probably one of the oldest data standards in general use today; the 1/4" mono standard was from phone switchboards in the 1800s.

    EDIT: Also, one other perk of using USB-C instead of a built-in headphones jack on a smartphone is that if the DAC on your phone sucks, going the USB-C-audio-interface route means that you can use a different DAC. Can't really change the internal DAC. I don't know about other people, but last phone I had that did have an audio jack would let through a "wub wub wub" sound when I was charging it on USB off my car's 12V cigarette lighter adapter --- dirty power, but USB power is often really dirty. Was really obnoxious when feeding my car's stereo via its AUX port. That's very much fixable by putting some filtering on the DAC's power supply, maybe needs a capacitor on the thing, but the phone manufacturer didn't do it, maybe to save space or money. That's not something that I can go fix. I eventually worked around it by getting a battery-powered Bluetooth receiver that had a 1/8" headphones jack, cutting the phone's DAC out of the equation. The phone's internal DAC worked fine when the phone wasn't charging, but I wanted to have the phone plugged in for navigation stuff when I was driving.

    Great post, thank you.

  • Sony WH-1000XM4/5/6

    I don't have one of those, but they're pretty popular as headphones with good ANC.

    Jlab Epic Air Sport ANC

    I do have those, though.

    Yeah. I have the previous version of the WH which seems not affected, but I also have the WF 3 which unfortunately seems to be.

    Many people have sony headphones with those chips.

  • The only time a hacker is going to target you like this is if you're an extremely high value target like a CEO or if you're in the crosshairs of a nation-state. The average hacker isn't going to waste this kind of effort to hack someone with $200 in their bank account and no power over anything or anyone.

  • The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

    Source

    I was hoping this would allow me to take over Bluetooth speakers that people use while skiing and replace their music with a PSA about how no one wants to hear their music

    Most annoying people on the mountain

  • Double post

  • and also why corporations didn't want them.

    Exactly! So they can spy on us more!

    No, the real reason is it saves a few pennies per phone. They can already spy on us through the internal mic.

  • I mean, there were legitimate technical issues with the standard, especially on smartphones, which is where they really got pushed out. Most other devices do have headphones jacks. If I get a laptop, it's probably got a headphones jack. Radios will have headphones jacks. Get a mixer, it's got a headphones jack. I don't think that the standard is going to vanish anytime soon in general.

    I like headphones jacks. I have a ton of 1/8" and 1/4" devices and headphones that I happily use. But they weren't doing it for no reason.

    • From what I've read, the big, driving one that drove them out on smartphones was that the jack just takes up a lot more physical space in the phone than USB-C or Bluetooth. I'd rather just have a thicker phone, but a lot of people don't, and if you're going all over the phone trying to figure out what to eject to buy more space, that's gonna be a big target. For people who do want a jack on smartphones, which invariably have USB-C, you can get a similar effect to having a headphones jack by just leaving a small USB-C audio interface with a headphones jack on the end of your headphones (one with a passthrough USB-C port if you also want to use a USB-C port for other things).

    • A second issue was that the standard didn't have a way to provide power (there was a now-dead extension from many years back that is now dead, IIRC for MD players, that let a small amount of power be provided with an extra ring). That didn't matter for a long time, as long as your device could put out a strong enough signal to drive headphones of whatever impedance you had. But ANC has started to become popular now, and you need power for ANC. This is really the first time I think that there's a solid reason to want to power headphones.

    • The connection got shorted when plugging things in and out, which could result in loud sound on the membrane.

    • USB-C is designed so that the springy tensioning stuff that's there to keep the connection solid is on the (cheap, easy to replace) cord rather than the (expensive, hard to replace) device; I understand from past reading that this was a major reason that micro-USB replaced mini-USB. Instead of your device wearing out, the cord wears out. Not as much of an issue for headphones as mini-USB, but I think that it's probably fair to say that it's desirable to have the tensioning on the cord side.

    • On USB-C, the right part breaks. One irritation I have with USB-C is that it is...kind of flimsy. Like, it doesn't require that much force pushing on a plug sideways to damage a plug. However --- and I don't know if this was a design goal for USB-C, though I suspect it was --- my experience has been that if that happens, it's the plug on the (cheap, easy to replace) cord that gets damaged, not the device. I have a television with a headphones jack that I destroyed by tripping over a headphones cord once, because the headphones jack was nice and durable and let me tear components inside the television off. I've damaged several USB-C cables, but I've never damaged the device they're connected to while doing so.

    On an interesting note, the standard is extremely old, probably one of the oldest data standards in general use today; the 1/4" mono standard was from phone switchboards in the 1800s.

    EDIT: Also, one other perk of using USB-C instead of a built-in headphones jack on a smartphone is that if the DAC on your phone sucks, going the USB-C-audio-interface route means that you can use a different DAC. Can't really change the internal DAC. I don't know about other people, but last phone I had that did have an audio jack would let through a "wub wub wub" sound when I was charging it on USB off my car's 12V cigarette lighter adapter --- dirty power, but USB power is often really dirty. Was really obnoxious when feeding my car's stereo via its AUX port. That's very much fixable by putting some filtering on the DAC's power supply, maybe needs a capacitor on the thing, but the phone manufacturer didn't do it, maybe to save space or money. That's not something that I can go fix. I eventually worked around it by getting a battery-powered Bluetooth receiver that had a 1/8" headphones jack, cutting the phone's DAC out of the equation. The phone's internal DAC worked fine when the phone wasn't charging, but I wanted to have the phone plugged in for navigation stuff when I was driving.

    A lot of great points here, I would be on aboard if phones therefore had two USB-C ports as standard

  • A speaker i have from bose is always on and "sleeping" and can be connected to from the phone no matter what i do, drains the fucking battery and when i want to use it finaly its dead.. wouldnt be surprised if some headphones worked the same..

    A smart outlet (and running home assistant) will solve that problem.

  • It sounds like they have some kind of wake function that it’s always listening for? I don’t think that’s a common feature in headphones just because of the battery drain, but they’re always chucking useless features on electronics so I’m sure some are floating around out there. I doubt it’s something you wouldn’t know about unless they were secondhand, though.

    It's BLE - Bluetooth Low Energy.

    Basically devices with BLE can listen for a wake-up command and turn on, similar to the "magic packet" of wake on Ethernet.

    Super convenient for "find my device" applications, also nice to be able to connect and activate the device without having to press a power button like a peasant.

    It also means that most devices with BLE end up flat within a month. I had a speaker with BLE and had to deliberately download a much older version of the Android partner app to turn it off, as they dropped the option to do so in later versions for "convenience". With BLE on it would be flat in about 6 weeks regardless of whether I'd used it or not , which really ruined ad-hoc usage for me.

  • I was hoping this would allow me to take over Bluetooth speakers that people use while skiing and replace their music with a PSA about how no one wants to hear their music

    Most annoying people on the mountain

    Or public transit. Or public parks. Or grocery stores.

  • The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

    Source

    My Redmi buds 5 had a firmware update available for me in the app. It could be an older one though, their patch notes suck and don't even say the date. v4.3.8.8

  • I mean, there were legitimate technical issues with the standard, especially on smartphones, which is where they really got pushed out. Most other devices do have headphones jacks. If I get a laptop, it's probably got a headphones jack. Radios will have headphones jacks. Get a mixer, it's got a headphones jack. I don't think that the standard is going to vanish anytime soon in general.

    I like headphones jacks. I have a ton of 1/8" and 1/4" devices and headphones that I happily use. But they weren't doing it for no reason.

    • From what I've read, the big, driving one that drove them out on smartphones was that the jack just takes up a lot more physical space in the phone than USB-C or Bluetooth. I'd rather just have a thicker phone, but a lot of people don't, and if you're going all over the phone trying to figure out what to eject to buy more space, that's gonna be a big target. For people who do want a jack on smartphones, which invariably have USB-C, you can get a similar effect to having a headphones jack by just leaving a small USB-C audio interface with a headphones jack on the end of your headphones (one with a passthrough USB-C port if you also want to use a USB-C port for other things).

    • A second issue was that the standard didn't have a way to provide power (there was a now-dead extension from many years back that is now dead, IIRC for MD players, that let a small amount of power be provided with an extra ring). That didn't matter for a long time, as long as your device could put out a strong enough signal to drive headphones of whatever impedance you had. But ANC has started to become popular now, and you need power for ANC. This is really the first time I think that there's a solid reason to want to power headphones.

    • The connection got shorted when plugging things in and out, which could result in loud sound on the membrane.

    • USB-C is designed so that the springy tensioning stuff that's there to keep the connection solid is on the (cheap, easy to replace) cord rather than the (expensive, hard to replace) device; I understand from past reading that this was a major reason that micro-USB replaced mini-USB. Instead of your device wearing out, the cord wears out. Not as much of an issue for headphones as mini-USB, but I think that it's probably fair to say that it's desirable to have the tensioning on the cord side.

    • On USB-C, the right part breaks. One irritation I have with USB-C is that it is...kind of flimsy. Like, it doesn't require that much force pushing on a plug sideways to damage a plug. However --- and I don't know if this was a design goal for USB-C, though I suspect it was --- my experience has been that if that happens, it's the plug on the (cheap, easy to replace) cord that gets damaged, not the device. I have a television with a headphones jack that I destroyed by tripping over a headphones cord once, because the headphones jack was nice and durable and let me tear components inside the television off. I've damaged several USB-C cables, but I've never damaged the device they're connected to while doing so.

    On an interesting note, the standard is extremely old, probably one of the oldest data standards in general use today; the 1/4" mono standard was from phone switchboards in the 1800s.

    EDIT: Also, one other perk of using USB-C instead of a built-in headphones jack on a smartphone is that if the DAC on your phone sucks, going the USB-C-audio-interface route means that you can use a different DAC. Can't really change the internal DAC. I don't know about other people, but last phone I had that did have an audio jack would let through a "wub wub wub" sound when I was charging it on USB off my car's 12V cigarette lighter adapter --- dirty power, but USB power is often really dirty. Was really obnoxious when feeding my car's stereo via its AUX port. That's very much fixable by putting some filtering on the DAC's power supply, maybe needs a capacitor on the thing, but the phone manufacturer didn't do it, maybe to save space or money. That's not something that I can go fix. I eventually worked around it by getting a battery-powered Bluetooth receiver that had a 1/8" headphones jack, cutting the phone's DAC out of the equation. The phone's internal DAC worked fine when the phone wasn't charging, but I wanted to have the phone plugged in for navigation stuff when I was driving.

    That's great and all but I'm not switching to Bluetooth headphones and I'm definitely not going to fiddle around with dongles every time I switch between listening on my phone and my PC. Phones are gigantic anyways; let my have my headphone jack. I don't think it's a coincidence that all these smartphone manufacturers that ditched the old standard will happily sell you shiny expensive disposable wireless earbuds.

  • I mean, there were legitimate technical issues with the standard, especially on smartphones, which is where they really got pushed out. Most other devices do have headphones jacks. If I get a laptop, it's probably got a headphones jack. Radios will have headphones jacks. Get a mixer, it's got a headphones jack. I don't think that the standard is going to vanish anytime soon in general.

    I like headphones jacks. I have a ton of 1/8" and 1/4" devices and headphones that I happily use. But they weren't doing it for no reason.

    • From what I've read, the big, driving one that drove them out on smartphones was that the jack just takes up a lot more physical space in the phone than USB-C or Bluetooth. I'd rather just have a thicker phone, but a lot of people don't, and if you're going all over the phone trying to figure out what to eject to buy more space, that's gonna be a big target. For people who do want a jack on smartphones, which invariably have USB-C, you can get a similar effect to having a headphones jack by just leaving a small USB-C audio interface with a headphones jack on the end of your headphones (one with a passthrough USB-C port if you also want to use a USB-C port for other things).

    • A second issue was that the standard didn't have a way to provide power (there was a now-dead extension from many years back that is now dead, IIRC for MD players, that let a small amount of power be provided with an extra ring). That didn't matter for a long time, as long as your device could put out a strong enough signal to drive headphones of whatever impedance you had. But ANC has started to become popular now, and you need power for ANC. This is really the first time I think that there's a solid reason to want to power headphones.

    • The connection got shorted when plugging things in and out, which could result in loud sound on the membrane.

    • USB-C is designed so that the springy tensioning stuff that's there to keep the connection solid is on the (cheap, easy to replace) cord rather than the (expensive, hard to replace) device; I understand from past reading that this was a major reason that micro-USB replaced mini-USB. Instead of your device wearing out, the cord wears out. Not as much of an issue for headphones as mini-USB, but I think that it's probably fair to say that it's desirable to have the tensioning on the cord side.

    • On USB-C, the right part breaks. One irritation I have with USB-C is that it is...kind of flimsy. Like, it doesn't require that much force pushing on a plug sideways to damage a plug. However --- and I don't know if this was a design goal for USB-C, though I suspect it was --- my experience has been that if that happens, it's the plug on the (cheap, easy to replace) cord that gets damaged, not the device. I have a television with a headphones jack that I destroyed by tripping over a headphones cord once, because the headphones jack was nice and durable and let me tear components inside the television off. I've damaged several USB-C cables, but I've never damaged the device they're connected to while doing so.

    On an interesting note, the standard is extremely old, probably one of the oldest data standards in general use today; the 1/4" mono standard was from phone switchboards in the 1800s.

    EDIT: Also, one other perk of using USB-C instead of a built-in headphones jack on a smartphone is that if the DAC on your phone sucks, going the USB-C-audio-interface route means that you can use a different DAC. Can't really change the internal DAC. I don't know about other people, but last phone I had that did have an audio jack would let through a "wub wub wub" sound when I was charging it on USB off my car's 12V cigarette lighter adapter --- dirty power, but USB power is often really dirty. Was really obnoxious when feeding my car's stereo via its AUX port. That's very much fixable by putting some filtering on the DAC's power supply, maybe needs a capacitor on the thing, but the phone manufacturer didn't do it, maybe to save space or money. That's not something that I can go fix. I eventually worked around it by getting a battery-powered Bluetooth receiver that had a 1/8" headphones jack, cutting the phone's DAC out of the equation. The phone's internal DAC worked fine when the phone wasn't charging, but I wanted to have the phone plugged in for navigation stuff when I was driving.

    I’d rather just have a thicker phone, but a lot of people wouldn’t

    I think this is a case where the corporations were telling people what they wanted rather than people really asking for thinner phones. Same thing with bezels, I don't know anyone who asked for the screen to go all the way to the edge (or worse, curve around onto the sides). Apple and Samsung said 'this is what people want' when in fact it was what their marketing department wanted because they wouldn't be able to sell the iGalaxy N+1 if it was slightly thicker or heavier than the iGalaxy N.

  • Every spy in my vicinity is going to be dancing to The Meters - Cissy Strut.

    Shitty Beatles & the meters.. I'll follow you anywhere

  • Every spy in my vicinity is going to be dancing to The Meters - Cissy Strut.

    Awwwwwwwwwwwwww YAH

  • The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

    Source

    They said I was mad when they removed the headphone jack - well who’s mad now??! AHAHahahahaaaaaaahhhhcrap it’s me.

    I’m still mad. Fuckers.

  • 31 Stimmen
    1 Beiträge
    14 Aufrufe
    Niemand hat geantwortet
  • 89 Stimmen
    15 Beiträge
    69 Aufrufe
    S
    I suspect people (not billionaires) are realising that they can get by with less. And that the planet needs that too. And that working 40+ hours a week isn’t giving people what they really want either. Tbh, I don't think that's the case. If you look at any of the relevant metrics (CO², energy consumption, plastic waste, ...) they only know one direction globally and that's up. I think the actual issues are Russian invasion of Ukraine and associated sanctions on one of the main energy providers of Europe Trump's "trade wars" which make global supply lines unreliable and costs incalculable (global supply chains love nothing more than uncertainty) Uncertainty in regards to China/Taiwan Boomers retiring in western countries, which for the first time since pretty much ever means that the work force is shrinking instead of growing. Economical growth was mostly driven by population growth for the last half century with per-capita productivity staying very close to inflation. Disrupting changes in key industries like cars and energy. The west has been sleeping on may of these developments (e.g. electric cars, batteries, solar) and now China is curbstomping the rest of the world in regards to market share. High key interest rates (which are applied to reduce high inflation due to some of the reason above) reduce demand on financial investments into companies. The low interest rates of the 2010s and also before lead to more investments into companies. With interest going back up, investments dry up. All these changes mean that companies, countries and people in the west have much less free cash available. There’s also the value of money has never been lower either. That's been the case since every. Inflation has always been a thing and with that the value of money is monotonically decreasing. But that doesn't really matter for the whole argument, since the absolute value of money doesn't matter, only the relative value. To put it differently: If you earn €100 and the thing you want to buy costs €10, that is equivalent to if you earn €1000 and the thing you want to buy costing €100. The value of money dropping is only relevant for savings, and if people are saving too much then the economy slows down and jobs are cut, thus some inflation is positive or even required. What is an actual issue is that wages are not increasing at the same rate as the cost of things, but that's not a "value of the money" issue.
  • 35 Stimmen
    3 Beiträge
    25 Aufrufe
    T
    On the one hand, this is possibly dubious in that things that aren't generally considered to be part of defence will be used to inflate our defence spending numbers without actually spending more than previous (i.e. it's just a PR move) But on the other hand, this could be immensely useful in telling the NIMBYs to fuck right off. What's that, you're opposing infrastructure improvements, new housing, or wind turbines? Aw, diddums, that's too bad. This is deemed critical for national security, and thus the government can give it approval regardless. Sorry Bernard, sorry Mary, your petition against any change in the area is going nowhere.
  • 23 Stimmen
    4 Beiträge
    23 Aufrufe
    D
    Whew..... None of the important file hosters ..
  • 85K – A Melhor Opção para Quem Busca Diversão e Recompensas

    Technology technology
    1
    1
    1 Stimmen
    1 Beiträge
    13 Aufrufe
    Niemand hat geantwortet
  • How a Spyware App Compromised Assad’s Army

    Technology technology
    2
    1
    41 Stimmen
    2 Beiträge
    24 Aufrufe
    S
    I guess that's why you pay your soldiers. In the early summer of 2024, months before the opposition launched Operation Deterrence of Aggression, a mobile application began circulating among a group of Syrian army officers. It carried an innocuous name: STFD-686, a string of letters standing for Syria Trust for Development. ... The STFD-686 app operated with disarming simplicity. It offered the promise of financial aid, requiring only that the victim fill out a few personal details. It asked innocent questions: “What kind of assistance are you expecting?” and “Tell us more about your financial situation.” ... Determining officers’ ranks made it possible for the app’s operators to identify those in sensitive positions, such as battalion commanders and communications officers, while knowing their exact place of service allowed for the construction of live maps of force deployments. It gave the operators behind the app and the website the ability to chart both strongholds and gaps in the Syrian army’s defensive lines. The most crucial point was the combination of the two pieces of information: Disclosing that “officer X” was stationed at “location Y” was tantamount to handing the enemy the army’s entire operating manual, especially on fluid fronts like those in Idlib and Sweida.
  • 377 Stimmen
    58 Beiträge
    194 Aufrufe
    avidamoeba@lemmy.caA
    Does anyone know if there's additional sandboxing of local ports happening for apps running in Private Space? E: Checked myself. Can access servers in Private Space from non-Private Space browsers and vice versa. So Facebook installed in Private Space is no bueno. Even if the time to transfer data is limited since Private Space is running for short periods of time, it's likely enough to pass a token while browsing some sites.
  • 33 Stimmen
    12 Beiträge
    66 Aufrufe
    E
    Can you replace politicians I feel like that would actually be an improvement. Hell it'd probably be an improvement if the current system's replaced politicians. To be honest though I've never seen any evidence that AGI is inevitable, it's perpetually 6 months away except in 6 months it'll still be 6 months away.