Skip to content

Zero-day: Bluetooth gap turns millions of headphones into listening stations

Technology
123 88 2
  • The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

    Source

  • The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

    Source

    So how do you determine if your headphones have the vulnerable chip in them?

  • So how do you determine if your headphones have the vulnerable chip in them?

    You will need to do some research on your headphones, I guess.

  • The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

    Source

    Every spy in my vicinity is going to be dancing to The Meters - Cissy Strut.

  • So how do you determine if your headphones have the vulnerable chip in them?

    The flaws, discovered by German cybersecurity firm ERNW and first reported by Heise Online, affect dozens of headphone models from brands such as Sony, JBL, Bose, and Marshall, with no comprehensive firmware fixes available yet.

    • Sony WH-1000XM4/5/6, WF-1000XM3/4/5, LinkBuds S, ULT Wear, CH-720N, C500, C510-GFP, XB910N
    • Marshall ACTON III, MAJOR V, MINOR IV, MOTIF II, STANMORE III, WOBURN III
    • JBL Live Buds 3, Endurance Race 2
    • Jabra Elite 8 Active
    • Bose QuietComfort Earbuds
    • Beyerdynamic Amiron 300
    • Jlab Epic Air Sport ANC
    • Teufel Airy TWS 2
    • MoerLabs EchoBeatz
    • Xiaomi Redmi Buds 5 Pro
    • earisMax Bluetooth Auracast Sender

    ERNW emphasizes that this is only a partial list.

    Source

  • The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

    Source

    And this is why people wanted headphone jacks... and also why corporations didn't want them.

  • So how do you determine if your headphones have the vulnerable chip in them?

    According to the article, headphones using a Bluetooth SoC manufactured by Airoha may be vulnerable. So, need to find if your headphones use their SoC.

  • And this is why people wanted headphone jacks... and also why corporations didn't want them.

    and also why corporations didn't want them.

    Exactly! So they can spy on us more!

  • The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

    Source

    Gonna set up my tablet to play Capital over bluetooth 24/7. Enjoy the theory skinwalkers

  • The flaws, discovered by German cybersecurity firm ERNW and first reported by Heise Online, affect dozens of headphone models from brands such as Sony, JBL, Bose, and Marshall, with no comprehensive firmware fixes available yet.

    • Sony WH-1000XM4/5/6, WF-1000XM3/4/5, LinkBuds S, ULT Wear, CH-720N, C500, C510-GFP, XB910N
    • Marshall ACTON III, MAJOR V, MINOR IV, MOTIF II, STANMORE III, WOBURN III
    • JBL Live Buds 3, Endurance Race 2
    • Jabra Elite 8 Active
    • Bose QuietComfort Earbuds
    • Beyerdynamic Amiron 300
    • Jlab Epic Air Sport ANC
    • Teufel Airy TWS 2
    • MoerLabs EchoBeatz
    • Xiaomi Redmi Buds 5 Pro
    • earisMax Bluetooth Auracast Sender

    ERNW emphasizes that this is only a partial list.

    Source

    Sony WH-1000XM4/5/6

    I don't have one of those, but they're pretty popular as headphones with good ANC.

    Jlab Epic Air Sport ANC

    I do have those, though.

  • Every spy in my vicinity is going to be dancing to The Meters - Cissy Strut.

    A fine choice though.

  • The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

    Source

    Even if these attacks seem frightening on paper, the ERNW researchers are reassuring: many conditions must be met to carry out an eavesdropping attack. First and foremost, the attacker(s) must be within range of the Bluetooth short-range radio; an attack via the Internet is not possible. They must also carry out several technical steps without attracting attention. And they must have a reason to eavesdrop on the Bluetooth connection, which, according to the discoverers, is only conceivable for a few target people. For example, celebrities, journalists or diplomats, but also political dissidents and employees in security-critical companies are possible targets.

    I guess they didn’t point this out because it’s kind of obvious, but it sounds like they also have to actually be on to be exploited. So it’s not going to turn on and start listening to you at least. Definitely concerning, but I’m still gonna be listening to my audio books and podcasts with my wireless headphones.

  • The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

    Source

    There's lots of money to be made by inserting a hardware back door in your product then later disclosing it as an unfixable vulnerability and force your customers to buy new hardware which has the same but different backdoor. Repeat.

  • And this is why people wanted headphone jacks... and also why corporations didn't want them.

    I mean, there were legitimate technical issues with the standard, especially on smartphones, which is where they really got pushed out. Most other devices do have headphones jacks. If I get a laptop, it's probably got a headphones jack. Radios will have headphones jacks. Get a mixer, it's got a headphones jack. I don't think that the standard is going to vanish anytime soon in general.

    I like headphones jacks. I have a ton of 1/8" and 1/4" devices and headphones that I happily use. But they weren't doing it for no reason.

    • From what I've read, the big, driving one that drove them out on smartphones was that the jack just takes up a lot more physical space in the phone than USB-C or Bluetooth. I'd rather just have a thicker phone, but a lot of people don't, and if you're going all over the phone trying to figure out what to eject to buy more space, that's gonna be a big target. For people who do want a jack on smartphones, which invariably have USB-C, you can get a similar effect to having a headphones jack by just leaving a small USB-C audio interface with a headphones jack on the end of your headphones (one with a passthrough USB-C port if you also want to use a USB-C port for other things).

    • A second issue was that the standard didn't have a way to provide power (there was a now-dead extension from many years back that is now dead, IIRC for MD players, that let a small amount of power be provided with an extra ring). That didn't matter for a long time, as long as your device could put out a strong enough signal to drive headphones of whatever impedance you had. But ANC has started to become popular now, and you need power for ANC. This is really the first time I think that there's a solid reason to want to power headphones.

    • The connection got shorted when plugging things in and out, which could result in loud sound on the membrane.

    • USB-C is designed so that the springy tensioning stuff that's there to keep the connection solid is on the (cheap, easy to replace) cord rather than the (expensive, hard to replace) device; I understand from past reading that this was a major reason that micro-USB replaced mini-USB. Instead of your device wearing out, the cord wears out. Not as much of an issue for headphones as mini-USB, but I think that it's probably fair to say that it's desirable to have the tensioning on the cord side.

    • On USB-C, the right part breaks. One irritation I have with USB-C is that it is...kind of flimsy. Like, it doesn't require that much force pushing on a plug sideways to damage a plug. However --- and I don't know if this was a design goal for USB-C, though I suspect it was --- my experience has been that if that happens, it's the plug on the (cheap, easy to replace) cord that gets damaged, not the device. I have a television with a headphones jack that I destroyed by tripping over a headphones cord once, because the headphones jack was nice and durable and let me tear components inside the television off. I've damaged several USB-C cables, but I've never damaged the device they're connected to while doing so.

    On an interesting note, the standard is extremely old, probably one of the oldest data standards in general use today; the 1/4" mono standard was from phone switchboards in the 1800s.

    EDIT: Also, one other perk of using USB-C instead of a built-in headphones jack on a smartphone is that if the DAC on your phone sucks, going the USB-C-audio-interface route means that you can use a different DAC. Can't really change the internal DAC. I don't know about other people, but last phone I had that did have an audio jack would let through a "wub wub wub" sound when I was charging it on USB off my car's 12V cigarette lighter adapter --- dirty power, but USB power is often really dirty. Was really obnoxious when feeding my car's stereo via its AUX port. That's very much fixable by putting some filtering on the DAC's power supply, maybe needs a capacitor on the thing, but the phone manufacturer didn't do it, maybe to save space or money. That's not something that I can go fix. I eventually worked around it by getting a battery-powered Bluetooth receiver that had a 1/8" headphones jack, cutting the phone's DAC out of the equation. The phone's internal DAC worked fine when the phone wasn't charging, but I wanted to have the phone plugged in for navigation stuff when I was driving.

  • Even if these attacks seem frightening on paper, the ERNW researchers are reassuring: many conditions must be met to carry out an eavesdropping attack. First and foremost, the attacker(s) must be within range of the Bluetooth short-range radio; an attack via the Internet is not possible. They must also carry out several technical steps without attracting attention. And they must have a reason to eavesdrop on the Bluetooth connection, which, according to the discoverers, is only conceivable for a few target people. For example, celebrities, journalists or diplomats, but also political dissidents and employees in security-critical companies are possible targets.

    I guess they didn’t point this out because it’s kind of obvious, but it sounds like they also have to actually be on to be exploited. So it’s not going to turn on and start listening to you at least. Definitely concerning, but I’m still gonna be listening to my audio books and podcasts with my wireless headphones.

    A speaker i have from bose is always on and "sleeping" and can be connected to from the phone no matter what i do, drains the fucking battery and when i want to use it finaly its dead.. wouldnt be surprised if some headphones worked the same..

  • A speaker i have from bose is always on and "sleeping" and can be connected to from the phone no matter what i do, drains the fucking battery and when i want to use it finaly its dead.. wouldnt be surprised if some headphones worked the same..

    It sounds like they have some kind of wake function that it’s always listening for? I don’t think that’s a common feature in headphones just because of the battery drain, but they’re always chucking useless features on electronics so I’m sure some are floating around out there. I doubt it’s something you wouldn’t know about unless they were secondhand, though.

  • And this is why people wanted headphone jacks... and also why corporations didn't want them.

    Hum...

  • The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

    Source

    This is why I chose to get a Corsair Virtuoso, which has a removable microphone.

  • The flaws, discovered by German cybersecurity firm ERNW and first reported by Heise Online, affect dozens of headphone models from brands such as Sony, JBL, Bose, and Marshall, with no comprehensive firmware fixes available yet.

    • Sony WH-1000XM4/5/6, WF-1000XM3/4/5, LinkBuds S, ULT Wear, CH-720N, C500, C510-GFP, XB910N
    • Marshall ACTON III, MAJOR V, MINOR IV, MOTIF II, STANMORE III, WOBURN III
    • JBL Live Buds 3, Endurance Race 2
    • Jabra Elite 8 Active
    • Bose QuietComfort Earbuds
    • Beyerdynamic Amiron 300
    • Jlab Epic Air Sport ANC
    • Teufel Airy TWS 2
    • MoerLabs EchoBeatz
    • Xiaomi Redmi Buds 5 Pro
    • earisMax Bluetooth Auracast Sender

    ERNW emphasizes that this is only a partial list.

    Source

    Damn that's pretty big, hopefully they update and give a final list of affected devices. Not to mention, gotta pray the devices will see software updates to try and mitigate it.

  • I mean, there were legitimate technical issues with the standard, especially on smartphones, which is where they really got pushed out. Most other devices do have headphones jacks. If I get a laptop, it's probably got a headphones jack. Radios will have headphones jacks. Get a mixer, it's got a headphones jack. I don't think that the standard is going to vanish anytime soon in general.

    I like headphones jacks. I have a ton of 1/8" and 1/4" devices and headphones that I happily use. But they weren't doing it for no reason.

    • From what I've read, the big, driving one that drove them out on smartphones was that the jack just takes up a lot more physical space in the phone than USB-C or Bluetooth. I'd rather just have a thicker phone, but a lot of people don't, and if you're going all over the phone trying to figure out what to eject to buy more space, that's gonna be a big target. For people who do want a jack on smartphones, which invariably have USB-C, you can get a similar effect to having a headphones jack by just leaving a small USB-C audio interface with a headphones jack on the end of your headphones (one with a passthrough USB-C port if you also want to use a USB-C port for other things).

    • A second issue was that the standard didn't have a way to provide power (there was a now-dead extension from many years back that is now dead, IIRC for MD players, that let a small amount of power be provided with an extra ring). That didn't matter for a long time, as long as your device could put out a strong enough signal to drive headphones of whatever impedance you had. But ANC has started to become popular now, and you need power for ANC. This is really the first time I think that there's a solid reason to want to power headphones.

    • The connection got shorted when plugging things in and out, which could result in loud sound on the membrane.

    • USB-C is designed so that the springy tensioning stuff that's there to keep the connection solid is on the (cheap, easy to replace) cord rather than the (expensive, hard to replace) device; I understand from past reading that this was a major reason that micro-USB replaced mini-USB. Instead of your device wearing out, the cord wears out. Not as much of an issue for headphones as mini-USB, but I think that it's probably fair to say that it's desirable to have the tensioning on the cord side.

    • On USB-C, the right part breaks. One irritation I have with USB-C is that it is...kind of flimsy. Like, it doesn't require that much force pushing on a plug sideways to damage a plug. However --- and I don't know if this was a design goal for USB-C, though I suspect it was --- my experience has been that if that happens, it's the plug on the (cheap, easy to replace) cord that gets damaged, not the device. I have a television with a headphones jack that I destroyed by tripping over a headphones cord once, because the headphones jack was nice and durable and let me tear components inside the television off. I've damaged several USB-C cables, but I've never damaged the device they're connected to while doing so.

    On an interesting note, the standard is extremely old, probably one of the oldest data standards in general use today; the 1/4" mono standard was from phone switchboards in the 1800s.

    EDIT: Also, one other perk of using USB-C instead of a built-in headphones jack on a smartphone is that if the DAC on your phone sucks, going the USB-C-audio-interface route means that you can use a different DAC. Can't really change the internal DAC. I don't know about other people, but last phone I had that did have an audio jack would let through a "wub wub wub" sound when I was charging it on USB off my car's 12V cigarette lighter adapter --- dirty power, but USB power is often really dirty. Was really obnoxious when feeding my car's stereo via its AUX port. That's very much fixable by putting some filtering on the DAC's power supply, maybe needs a capacitor on the thing, but the phone manufacturer didn't do it, maybe to save space or money. That's not something that I can go fix. I eventually worked around it by getting a battery-powered Bluetooth receiver that had a 1/8" headphones jack, cutting the phone's DAC out of the equation. The phone's internal DAC worked fine when the phone wasn't charging, but I wanted to have the phone plugged in for navigation stuff when I was driving.

    Great post, thank you.

  • Blocking real-world ads: is the future here?

    Technology technology
    30
    1
    197 Stimmen
    30 Beiträge
    2 Aufrufe
    I
    Special permits are a non issue. Disguised in any way cameras should be banned outright tbh
  • Rediscovering Human Purpose in the Age of AI

    Technology technology
    2
    1
    3 Stimmen
    2 Beiträge
    10 Aufrufe
    capuccino@lemmy.worldC
    well, it seems that the rich will stay rich, no matter what. It's incredible that people see AI as a religion now
  • Honda successfully launched and landed its own reusable rocket

    Technology technology
    170
    1
    1k Stimmen
    170 Beiträge
    40 Aufrufe
    gerryflap@feddit.nlG
    Call me an optimist, but I still hold the hope that we can one day do better as humanity than we do now. Humanity has become a "better" species throughout its existence overall. Even a hundred years ago we were much more horrible and brutal than we are now. The current trend is not great, with climate change and far-right grifters taking control. But I hold hope that in the end this is but a blip on the radar. Horrible for us now, but in the grand scheme of things not something that will end humanity. It might in the worst case set us back a few hundred years.
  • 136 Stimmen
    29 Beiträge
    13 Aufrufe
    J
    Yeah, I was going to say that TV wasn't much of a news source to begin with. The real issue is that social media for news is probably worse - now everyone can be spoonfed the news they want.
  • Palantir hits new highs amid Israel-Iran conflict

    Technology technology
    4
    1
    41 Stimmen
    4 Beiträge
    8 Aufrufe
    W
    I think both peace and war are profitable. But those that profit from war may be more pushy than those that profit from peace, and so may get their way even as an unpopular minority . Unless, the left (usually more pro peace) learns a few lessons from the right and places good outcomes above the holier than thou moral purity. "I've never made anyone uncomfortable" is not the merit badge that some think it is. Of course the left can never be a mirror copy of the right because the left cannot afford to give as few fucks about anything as the right (who represent the already-haves economic incumbents; it's not called the "fuck you money" for nothing). But the left can be way tougher and nuancedly uncompromising and even calculatingly and carefully millitant. Might does not make right but might DOES make POLICY. You need both right and might to live under a good policy. Lotta good it does anyone to be right and insightful on all the issues and have zero impact anywhere.
  • 180 Stimmen
    13 Beiträge
    5 Aufrufe
    D
    There is a huge difference between an algorithm using real world data to produce a score a panel of experts use to make a determination and using a LLM to screen candidates. One has verifiable reproducible results that can be checked and debated the other does not. The final call does not matter if a computer program using an unknown and unreproducible algorithm screens you out before this. This is what we are facing. Pre-determined decisions that human beings are not being held accountable to. Is this happening right now? Yes it is, without a doubt. People are no longer making a lot of healthcare decisions determining insurance coverage. Computers that are not accountable are. You may have some ability to disagree but for how long? Soon there will be no way to reach a human about an insurance decision. This is already happening. People should be very anxious. Hearing United Healthcare has been forging DNRs and has been denying things like treatment for stroke for elders is disgusting. We have major issues that are not going away and we are blatantly ignoring them.
  • 489 Stimmen
    18 Beiträge
    9 Aufrufe
    5
    Pretty confident that's the intention of that name
  • UK government withholding details of Palantir contract

    Technology technology
    3
    1
    15 Stimmen
    3 Beiträge
    11 Aufrufe
    T
    Of all the partners you could have picked. Eek.