Zero-day: Bluetooth gap turns millions of headphones into listening stations
Zero-day: Bluetooth gap turns millions of headphones into listening stations
The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.
downvoted for that website's super illegal "pay us to not track you" policy
Consent required for free use
I think that’s explicitly forbidden by the EU, and it’s a German domain.
I hate that. I’m looking at you Healthline. I hate that it’s always so high in the results.
Not all sites charge - yet.
The site wants to share info with advertisers. I found this to be refreshingly honest.
We and our up to 185 partners use cookies and tracking technologies. Some cookies and data processing are technically necessary, others help us to improve our offer and operate it economically...
Anyway, can we get an archive link?
It’s strange to think about how complicit the public has become with this. You mean to tell me that 185 separate connections to other companies are required for me to… read an article?
Well yeah, they have to hoard your advertising data somehow. How else can they advertise things that you don't need to buy?
You can get/make your own archive link by going to archive.ph and entering the article's URL.
Here's the link for this one: https://archive.ph/wUAQn
Thanks!
The website also wants to drm fingerprint you
Instead of hacking Bluetooth, sounds more effective to be an "advertising partner".
Unchecked consumer-grade RF signals that are broadcast in every direction are insecure??
Color me shocked!
Well, if these devices required any sort of authentication (e.g. pairing) to free access to their ram and flash, we wouldn't be having this particular story..
This really makes me hate that we don’t have headphone jack anymore
Wired headphones stay winning
There's lots of money to be made by inserting a hardware back door in your product then later disclosing it as an unfixable vulnerability and force your customers to buy new hardware which has the same but different backdoor. Repeat.
Thanks, I hate it. Vulnerable to your competitor red teaming it tho...
Every spy in my vicinity is going to be dancing to The Meters - Cissy Strut.
A fine choice though.
Awwwwwwwwwwwwww YAH
Namana naanaa, bum darum du da.. dadam da da!
Shitty Beatles & the meters.. I'll follow you anywhere
Even if these attacks seem frightening on paper, the ERNW researchers are reassuring: many conditions must be met to carry out an eavesdropping attack. First and foremost, the attacker(s) must be within range of the Bluetooth short-range radio; an attack via the Internet is not possible. They must also carry out several technical steps without attracting attention. And they must have a reason to eavesdrop on the Bluetooth connection, which, according to the discoverers, is only conceivable for a few target people. For example, celebrities, journalists or diplomats, but also political dissidents and employees in security-critical companies are possible targets.
I guess they didn’t point this out because it’s kind of obvious, but it sounds like they also have to actually be on to be exploited. So it’s not going to turn on and start listening to you at least. Definitely concerning, but I’m still gonna be listening to my audio books and podcasts with my wireless headphones.
A speaker i have from bose is always on and "sleeping" and can be connected to from the phone no matter what i do, drains the fucking battery and when i want to use it finaly its dead.. wouldnt be surprised if some headphones worked the same..
It sounds like they have some kind of wake function that it’s always listening for? I don’t think that’s a common feature in headphones just because of the battery drain, but they’re always chucking useless features on electronics so I’m sure some are floating around out there. I doubt it’s something you wouldn’t know about unless they were secondhand, though.
A smart outlet (and running home assistant) will solve that problem.
Sounds like the attack scenario is very sophisticated and targeted, and only works within the range of Bluetooth low energy (BLE) connectivity, so 10-15 meters under best circumstances. At that point they might as well eavesdrop on my calls in person.
I think BLE is only required for the initial compromise (extracting the pairing key). After that the attack can be performed over classic BT, and can impersonate either part (headphones or phone) to the other.
It's still very targeted and sophisticated, so no reason to panic unless you have reasons to think someone with the resources could target you.
Regarding the attacks, they go way beyond eavesdropping calls, since BT headphones usually have access to contacts and smart assistants, that you can use to extract a lot more information
Directional antennas exist and are very inexpensive
10-15 meters might be good enough to conduct the attack from a neighboring office or apartment, while actual eavesdropping is not so easy.
Honey i got to go there is a man outside our window with a lapton and an radio antenna "Ignore the man outside your window and just read off your credit card number
So glad I use wired earbuds and refused to buy a phone that didn't support them.
Same. I can't find any Bluetooth headphones whose batteries don't die in 4 or 5 months anyway. Meanwhile my Moondrop wired headphones have been going strong for almost 3 years.
LOL at the big debate I read just yesterday about how better wireless headphones are, and how useless jacks on phones are nowadays...
I will never tire of pasting this:
https://biggaybunny.tumblr.com/post/166787080920/tech-enthusiasts-everything-in-my-house-is-wired
So how do you determine if your headphones have the vulnerable chip in them?
The flaws, discovered by German cybersecurity firm ERNW and first reported by Heise Online, affect dozens of headphone models from brands such as Sony, JBL, Bose, and Marshall, with no comprehensive firmware fixes available yet.
ERNW emphasizes that this is only a partial list.
Sony WH-1000XM4/5/6
I don't have one of those, but they're pretty popular as headphones with good ANC.
Jlab Epic Air Sport ANC
I do have those, though.
Damn that's pretty big, hopefully they update and give a final list of affected devices. Not to mention, gotta pray the devices will see software updates to try and mitigate it.
Guess I'm lucky to have broken the mics on mine by accidentally throwing them in the wash?
You will need to do some research on your headphones, I guess.
According to the article, headphones using a Bluetooth SoC manufactured by Airoha may be vulnerable. So, need to find if your headphones use their SoC.
I had a neighbor about 6 years ago that blasted rap at full volume every evening.
rap booming in the background
one fine day
"hmmm, what were these headphones on bt again? wait... soundbar. I don't have a soundbar.
hmmm, I wonder"
device paired
Jellyfin>Artists>..... Meshuggah
Obzen
Combustion
play
Volume 100%
"I think I'll go to the store for a while!"
Elastic would’ve been amazing (among other things, it has all songs on the album laid on top of another, playing simultaneously)
This one is great for destroying speakers: warning super loud (turn down your volume before playing) https://m.soundcloud.com/osium-1/official-paul-walker-tribute-fast-and-furious-7
My old FM BT transmitter that let me connect to my car had a surprising range, bout about a 100ft in every direction which as I understand it they aren't supposed to be that strong. (Scosche brand from Best Buy)
Used to tune it to the popular country station and jam everyone around me from listening to that station, which made me happy. Couple times when there was a particularly loud or obnoxious driver...I definately didn't blast porn hub with my stereo off in my car..
Tangent.
One of my last concerts I went to was Meshuggah
Had a great time.
They said I was mad when they removed the headphone jack - well who’s mad now??! AHAHahahahaaaaaaahhhhcrap it’s me.
I’m still mad. Fuckers.
What is that site asking me to agree to? No thanks
GDPR. First time opening a European website? German ones like this are particularly transparent (by law, not choice).
US websites don't even ask, they just do it behind your back.
I was hoping this would allow me to take over Bluetooth speakers that people use while skiing and replace their music with a PSA about how no one wants to hear their music
Most annoying people on the mountain
Or public transit. Or public parks. Or grocery stores.
Yesss. Find that sploit and please let it never be fixable. I didn't download a copy of The Wheels On The Bus for nothing.
... and this is why I don't use bluetooth on anything.
I never have it enabled unless I am in the car driving and need driving directions or listening to music/podcasts. I prefer wired headphones, but manufacturers are making that difficult.
Because they can't sell you more Bluetooth crap if they give you a choice.
Stop buying no-Jack phones.
Archive link: archive.ph/wUAQn
Yep I only use wired...
Imagine how much data could be collected from, say, a busy gym full of people with wireless headphones, or a hotel lobby
This is why I chose to get a Corsair Virtuoso, which has a removable microphone.
My Redmi buds 5 had a firmware update available for me in the app. It could be an older one though, their patch notes suck and don't even say the date. v4.3.8.8
Gonna set up my tablet to play Capital over bluetooth 24/7. Enjoy the theory skinwalkers
Alright now how do I test this out
You can get/make your own archive link by going to archive.ph and entering the article's URL.
Here's the link for this one: https://archive.ph/wUAQn
And this is why people wanted headphone jacks... and also why corporations didn't want them.
I mean, there were legitimate technical issues with the standard, especially on smartphones, which is where they really got pushed out. Most other devices do have headphones jacks. If I get a laptop, it's probably got a headphones jack. Radios will have headphones jacks. Get a mixer, it's got a headphones jack. I don't think that the standard is going to vanish anytime soon in general.
I like headphones jacks. I have a ton of 1/8" and 1/4" devices and headphones that I happily use. But they weren't doing it for no reason.
On an interesting note, the standard is extremely old, probably one of the oldest data standards in general use today; the 1/4" mono standard was from phone switchboards in the 1800s.
EDIT: Also, one other perk of using USB-C instead of a built-in headphones jack on a smartphone is that if the DAC on your phone sucks, going the USB-C-audio-interface route means that you can use a different DAC. Can't really change the internal DAC. I don't know about other people, but last phone I had that did have an audio jack would let through a "wub wub wub" sound when I was charging it on USB off my car's 12V cigarette lighter adapter --- dirty power, but USB power is often really dirty. Was really obnoxious when feeding my car's stereo via its AUX port. That's very much avoidable for the manufacturer by putting some filtering on the DAC's power supply, maybe needs a capacitor on the thing, but the phone manufacturer didn't do it, maybe to save space or money. That's not something that I can go fix. I eventually worked around it by getting a battery-powered Bluetooth receiver that had a 1/8" headphones jack, cutting the phone's DAC out of the equation. The phone's internal DAC worked fine when the phone wasn't charging, but I wanted to have the phone plugged in for (battery hungry) navigation stuff when I was driving.
I think this is a case where the corporations were telling people what they wanted rather than people really asking for thinner phones. Same thing with bezels, I don't know anyone who asked for the screen to go all the way to the edge (or worse, curve around onto the sides). Apple and Samsung said 'this is what people want' when in fact it was what their marketing department wanted because they wouldn't be able to sell the iGalaxy N+1 if it was slightly thicker or heavier than the iGalaxy N.
That's great and all but I'm not switching to Bluetooth headphones and I'm definitely not going to fiddle around with dongles every time I switch between listening on my phone and my PC. Phones are gigantic anyways; let my have my headphone jack. I don't think it's a coincidence that all these smartphone manufacturers that ditched the old standard will happily sell you shiny expensive disposable wireless earbuds.
Honestly I'd be happy with a phone sporting two USB C ports, one centered and one off to the side where the headphone jack used to be, both fully functional.
Great post, thank you.
A lot of great points here, I would be on aboard if phones therefore had two USB-C ports as standard
I know someone who works somewhat high up at Apple and he told me another reason was that they really wanted to improve the water proofing.
What is ANC?
Exactly! So they can spy on us more!
No, the real reason is it saves a few pennies per phone. They can already spy on us through the internal mic.
I'm not really sure that is the reason. I'm not saying I would put it past them, just that I really don't think it's necessary. Smart phone manufacturers have a million other ways they could spy on you if they wanted to. The U.S. Government already has the ability to know each and every thing you do on your phone, even if you never use Bluetooth. I think it's greed pure and simple. It probably cost's them a few pennies to add a physical jack and most people would lose their shit if a phone came out without Bluetooth capabilities, so they save those couple of pennies and put them into their greedy ass pockets.
That being said I have never bought a phone without one and never will as long as I have a choice. I do love my wireless headset though but I am also not too worried about being spied on (yet).
I'm 100% convinced that is why they stopped making batteries user replaceable though. In 2019 Edward Snowden did an interview with Wired magazine where he made the interviewer remove the battery from his phone as a condition of the interview. He explained that the U.S. Government can make it seem as if your device had been 'powered down' when in fact they can still listen to your conversations and transmit them back to the CIA or whatever other spooks that want to listen in. Shortly after than almost all manufactures stopped allowing you to remove the battery. Coincidence?
My current phone doesn't have a removable battery, because I literally couldn't find one in my price range that allowed you to do so.
The best advice if you don't want to be spied on is not to use a smartphone altogether or just do whatever you want to be kept secret away from the phone at the very least. Buy a Faraday bag and keep your phone in there if that's not an option.
Hum...
https://www.xatakaon.com/security/if-you-use-wired-headphones-youre-at-risk-theyre-the-ideal-scenario-for-hackers
The only time a hacker is going to target you like this is if you're an extremely high value target like a CEO or if you're in the crosshairs of a nation-state. The average hacker isn't going to waste this kind of effort to hack someone with $200 in their bank account and no power over anything or anyone.
Double post
Eh, you're assigning an awful lot of malice with no real reason. A smartphone manufacturer already has access to the kind of data exposed in this attack, regardless of whether the headphones were hooked up with wires or bluetooth.
Samsung, Apple, Xaomi, Huwaei or whoever else doesn't need some stupid BT vulnerability to know what attached devices like headphone are up too. They already have root level access to the phones hardware.