The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.
Wired headphones stay winning
Zero-day: Bluetooth gap turns millions of headphones into listening stations
Submitted 5 hours ago by rodneyck@lemmy.dbzer0.com to technology@lemmy.world
Comments
sharkfucker420@lemmy.ml 2 hours ago
sp3ctr4l@lemmy.dbzer0.com 1 hour ago
… and this is why I don’t use bluetooth on anything.
rodneyck@lemmy.dbzer0.com 1 hour ago
I never have it enabled unless I am in the car driving and need driving directions or listening to music/podcasts. I prefer wired headphones, but manufacturers are making that difficult.
PattyMcB@lemmy.world 1 hour ago
What is that site asking me to agree to? No thanks
Vanilla_PuddinFudge@infosec.pub 3 hours ago
I had a neighbor about 6 years ago that blasted rap at full volume every evening.
rap booming in the background
one fine day
“hmmm, what were these headphones on bt again? wait… soundbar. I don’t have a soundbar.
hmmm, I wonder”
device paired
Jellyfin>Artists>… Meshuggah
Obzen
Combustion
play
Volume 100%
“I think I’ll go to the store for a while!”
Mbourgon@lemmy.world 3 hours ago
Elastic would’ve been amazing (among other things, it has all songs on the album laid on top of another, playing simultaneously)
IndustryStandard@lemmy.world 2 hours ago
This one is great for destroying speakers: warning super loud (turn down your volume before playing) m.soundcloud.com/…/official-paul-walker-tribute-f…
joyjoy@lemmy.zip 4 hours ago
There’s lots of money to be made by inserting a hardware back door in your product then later disclosing it as an unfixable vulnerability and force your customers to buy new hardware.
MalReynolds@aussie.zone 1 hour ago
Thanks, I hate it. Vulnerable to your competitor red teaming it tho…
ShittyBeatlesFCPres@lemmy.world 5 hours ago
Every spy in my vicinity is going to be dancing to The Meters - Cissy Strut.
homesweethomeMrL@lemmy.world 3 hours ago
Awwwwwwwwwwwwww YAH
just_another_person@lemmy.world 5 hours ago
A fine choice though.
motor_spirit@lemmy.world 3 hours ago
Shitty Beatles & the meters… I’ll follow you anywhere
cmnybo@discuss.tchncs.de 5 hours ago
So how do you determine if your headphones have the vulnerable chip in them?
Almonds@mander.xyz 5 hours ago
The flaws, discovered by German cybersecurity firm ERNW and first reported by Heise Online, affect dozens of headphone models from brands such as Sony, JBL, Bose, and Marshall, with no comprehensive firmware fixes available yet.
- Sony WH-1000XM4/5/6, WF-1000XM3/4/5, LinkBuds S, ULT Wear, CH-720N, C500, C510-GFP, XB910N
- Marshall ACTON III, MAJOR V, MINOR IV, MOTIF II, STANMORE III, WOBURN III
- JBL Live Buds 3, Endurance Race 2
- Jabra Elite 8 Active
- Bose QuietComfort Earbuds
- Beyerdynamic Amiron 300
- Jlab Epic Air Sport ANC
- Teufel Airy TWS 2
- MoerLabs EchoBeatz
- Xiaomi Redmi Buds 5 Pro
- earisMax Bluetooth Auracast Sender
ERNW emphasizes that this is only a partial list.
tal@lemmy.today 5 hours ago
Sony WH-1000XM4/5/6
I don’t have one of those, but they’re pretty popular as headphones with good ANC.
Jlab Epic Air Sport ANC
Oh, I do have those, though.
OberonSwanson@sh.itjust.works 4 hours ago
Damn that’s pretty big, hopefully they update and give a final list of affected devices. Not to mention, gotta pray the devices will see software updates to try and mitigate it.
hendu@lemmy.dbzer0.com 5 hours ago
According to the article, headphones using a Bluetooth SoC manufactured by Airoha may be vulnerable. So, need to find if your headphones use their SoC.
rodneyck@lemmy.dbzer0.com 5 hours ago
You will need to do some research on your headphones, I guess.
Catoblepas@piefed.blahaj.zone 5 hours ago
Even if these attacks seem frightening on paper, the ERNW researchers are reassuring: many conditions must be met to carry out an eavesdropping attack. First and foremost, the attacker(s) must be within range of the Bluetooth short-range radio; an attack via the Internet is not possible. They must also carry out several technical steps without attracting attention. And they must have a reason to eavesdrop on the Bluetooth connection, which, according to the discoverers, is only conceivable for a few target people. For example, celebrities, journalists or diplomats, but also political dissidents and employees in security-critical companies are possible targets.
I guess they didn’t point this out because it’s kind of obvious, but it sounds like they also have to actually be on to be exploited. So it’s not going to turn on and start listening to you at least. Definitely concerning, but I’m still gonna be listening to my audio books and podcasts with my wireless headphones.
Goretantath@lemmy.world 4 hours ago
A speaker i have from bose is always on and “sleeping” and can be connected to from the phone no matter what i do, drains the fucking battery and when i want to use it finaly its dead… wouldnt be surprised if some headphones worked the same…
entwine413@lemm.ee 3 hours ago
A smart outlet (and running home assistant) will solve that problem.
Catoblepas@piefed.blahaj.zone 4 hours ago
It sounds like they have some kind of wake function that it’s always listening for? I don’t think that’s a common feature in headphones just because of the battery drain, but they’re always chucking useless features on electronics so I’m sure some are floating around out there. I doubt it’s something you wouldn’t know about unless they were secondhand, though.
homesweethomeMrL@lemmy.world 3 hours ago
They said I was mad when they removed the headphone jack - well who’s mad now??! AHAHahahahaaaaaaahhhhcrap it’s me.
I’m still mad. Fuckers.
pineapplelover@lemm.ee 1 hour ago
Alright now how do I test this out
turkalino@lemmy.yachts 4 hours ago
I was hoping this would allow me to take over Bluetooth speakers that people use while skiing and replace their music with a PSA about how no one wants to hear their music
Most annoying people on the mountain
ter_maxima@jlai.lu 4 hours ago
This is why I chose to get a Corsair Virtuoso, which has a removable microphone.
testuserpleaseupvote@lemmy.world 3 hours ago
My Redmi buds 5 had a firmware update available for me in the app. It could be an older one though, their patch notes suck and don’t even say the date.
ashenone@lemmy.ml 5 hours ago
Gonna set up my tablet to play Capital over bluetooth 24/7. Enjoy the theory skinwalkers
SnotFlickerman@lemmy.blahaj.zone 5 hours ago
And this is why people wanted headphone jacks.
tal@lemmy.today 4 hours ago
I mean, there were legitimate technical issues with the standard, especially on smartphones, which is where they really got pushed out. Most other devices do have headphones jacks. If I get a laptop, it’s probably got a headphones jack. Radios will have headphones jacks. Get a mixer, it’s got a headphones jack. I don’t think that the standard is going to vanish anytime soon in general.
I like headphones jacks. I have a ton of 1/8" and 1/4" devices and headphones that I happily use. But they weren’t doing it for no reason.
From what I’ve read, the big, driving one that drove them out on smartphones was that the jack just takes up a lot more physical space in the phone than USB-C or Bluetooth. I’d rather just have a thicker phone, but a lot of people don’t, and if you’re going all over the phone trying to figure out what to eject to buy more space, that’s gonna be a big target. For people who do want a jack on smartphones, which invariably have USB-C, you can get a similar effect to having a headphones jack by just leaving a USB-C audio interface with a headphones jack on the end of your headphones (one with a passthrough USB-C port if you also want to use a USB-C port for other things).
A second issue was that the standard didn’t have a way to provide power (there was a now-dead extension from many years back that was dead, IIRC for MD players, that let a small amount of power be provided with an extra ring). That didn’t matter for a long time, as long as your device could put out a strong enough signal to drive headphones of whatever impedance you had. But ANC has started to become popular now, and you need power for ANC. This is really the first time I think that there’s a solid reason to want to power headphones.
The connection got shorted when plugging things in and out, which could result in loud sound on the membrane.
USB-C is designed so that the springy tensioning stuff that’s there to keep the connection solid is on the (cheap, easy to replace) cord rather than the (expensive, hard to replace) device; I understand reading that this was a major reason that micro-USB replaced mini-USB. Instead of your device wearing out, the cord wears out. Not as much of an issue for headphones, but I think that it’s probably fair to say that it’s desirable to have the tensioning on the cord side.
On USB-C, the right part breaks. One irritation I have with USB-C is that it is…kind of flimsy. Like, it doesn’t require that much force pushing on a plug sideways to damage a plug. However — and I don’t know if this was a design goal for USB-C, though I suspect it was — my experience has been that if that happens, it’s the plug on the (cheap, easy to replace) cord that gets damaged, not the device. I have a television with a headphones jack that I destroyed by tripping over a headphones cord once, because the headphones jack was nice and durable and let me tear components inside the television off. I’ve damaged several USB-C cables, but I’ve never damaged the device they’re connected to while doing so.
On an interesting note, the standard is extremely old, probably one of the oldest data standards in general use today; the 1/4" mono standard was from phone switchboards in the 1800s.
isVeryLoud@lemmy.ca 24 minutes ago
Honestly I’d be happy with a phone sporting two USB C ports, one centered and one off to the side where the headphone jack used to be, both fully functional.
Bob_Robertson_IX@discuss.tchncs.de 3 hours ago
I think this is a case where the corporations were telling people what they wanted rather than people really asking for thinner phones. Same thing with bezels, I don’t know anyone who asked for the screen to go all the way to the edge (or worse, curve around onto the sides). Apple and Samsung said ‘this is what people want’ when in fact it was what their marketing department wanted because they wouldn’t be able to sell the iGalaxy N+1 if it was slightly thicker or heavier than the iGalaxy N.
jonathan@lemmy.zip 4 hours ago
Great post, thank you.
Unboxious@ani.social 3 hours ago
That’s great and all but I’m not switching to Bluetooth headphones and I’m definitely not going to fiddle around with dongles every time I switch between listening on my phone and my PC. Phones are gigantic anyways; let my have my headphone jack. I don’t think it’s a coincidence that all these smartphone manufacturers that ditched the old standard will happily sell you shiny expensive disposable wireless earbuds.
wingsfortheirsmiles@feddit.uk 4 hours ago
I lot of great points here, I would be on aboard if phone therefore had two USB-C ports as standard
Dremor@lemmy.world 4 hours ago
Hum…
xatakaon.com/…/if-you-use-wired-headphones-youre-…
SnotFlickerman@lemmy.blahaj.zone 4 hours ago
The only time a hacker is going to target you like this is if you’re an extremely high value target like a CEO or if you’re in the crosshairs of a nation-state. The average hacker isn’t going to waste this kind of effort to hack someone with $200 in their bank account and no power over anything or anyone.