The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

Source

  • Optional@lemmy.worldEnglish
    171·
    6 个月前

    They said I was mad when they removed the headphone jack - well who’s mad now??! AHAHahahahaaaaaaahhhhcrap it’s me.

    I’m still mad. Fuckers.

  • Redex@lemmy.worldEnglish
    24·
    6 个月前

    Hah, jokes on them, I managed to fuck my earbuds’ microphones so they’re useless now.

  • ashenone@lemmy.mlEnglish
    3·
    6 个月前

    Gonna set up my tablet to play Capital over bluetooth 24/7. Enjoy the theory skinwalkers

  • solrize@lemmy.mlEnglish
    241·
    6 个月前

    So glad I use wired earbuds and refused to buy a phone that didn’t support them.

    • SharkAttak@kbin.melroy.org
      10·
      6 个月前

      LOL at the big debate I read just yesterday about how better wireless headphones are, and how useless jacks on phones are nowadays…

    • Someonelol@lemmy.dbzer0.comEnglish
      152·
      6 个月前

      Same. I can’t find any Bluetooth headphones whose batteries don’t die in 4 or 5 months anyway. Meanwhile my Moondrop wired headphones have been going strong for almost 3 years.

      • Zeoic@lemmy.worldEnglish
        101·
        6 个月前

        My sony earbuds lasted 5 years before I decided to replace the batteries in them, which cost me $20 and 30 min. I would hope other earbuds wouldnt die in only half a year

          • Zeoic@lemmy.worldEnglish
            1·
            6 个月前

            Mine are the WF1000XM3 I still have never heard noise cancellation as good as those ones. I have a couple other pair of earbuds as well, one for set for side sleeping, and one set for water. I like to listen to audiobooks in the shower and the IPX7 ones have held up great

            • Squizzy@lemmy.worldEnglish
              2·
              6 个月前

              I want exactly this set up. I need different ones for bedtime, swimming and everyday wear

              • Zeoic@lemmy.worldEnglish
                1·
                6 个月前

                Well, I can recommend the soundcore anker life A1 earbuds for swimming, and the soundcore sleep A20 for low profile earbuds that dont stick out of your ear. Went through atleast 4 sets (wired and wireless) of earbuds for each until settling on these.

                • Squizzy@lemmy.worldEnglish
                  1·
                  6 个月前

                  Just FYI, I would imagine anker have plenty of exploits but I appreiate the recommendations.

        • Someonelol@lemmy.dbzer0.comEnglish
          62·
          6 个月前

          To be fair I kept buying models that cost $20 to $30 so maybe the higher end ones would last longer. That said, my Moondrops wired headphones cost the same but are way more reliable.

  • Catoblepas@piefed.blahaj.zoneEnglish
    282·
    6 个月前

    Even if these attacks seem frightening on paper, the ERNW researchers are reassuring: many conditions must be met to carry out an eavesdropping attack. First and foremost, the attacker(s) must be within range of the Bluetooth short-range radio; an attack via the Internet is not possible. They must also carry out several technical steps without attracting attention. And they must have a reason to eavesdrop on the Bluetooth connection, which, according to the discoverers, is only conceivable for a few target people. For example, celebrities, journalists or diplomats, but also political dissidents and employees in security-critical companies are possible targets.

    I guess they didn’t point this out because it’s kind of obvious, but it sounds like they also have to actually be on to be exploited. So it’s not going to turn on and start listening to you at least. Definitely concerning, but I’m still gonna be listening to my audio books and podcasts with my wireless headphones.

    • Goretantath@lemmy.worldEnglish
      10·
      6 个月前

      A speaker i have from bose is always on and “sleeping” and can be connected to from the phone no matter what i do, drains the fucking battery and when i want to use it finaly its dead… wouldnt be surprised if some headphones worked the same…

      • Catoblepas@piefed.blahaj.zoneEnglish
        3·
        6 个月前

        It sounds like they have some kind of wake function that it’s always listening for? I don’t think that’s a common feature in headphones just because of the battery drain, but they’re always chucking useless features on electronics so I’m sure some are floating around out there. I doubt it’s something you wouldn’t know about unless they were secondhand, though.

        • Dave.@aussie.zoneEnglish
          8·
          6 个月前

          It’s BLE - Bluetooth Low Energy.

          Basically devices with BLE can listen for a wake-up command and turn on, similar to the “magic packet” of wake on Ethernet.

          Super convenient for “find my device” applications, also nice to be able to connect and activate the device without having to press a power button like a peasant.

          It also means that most devices with BLE end up flat within a month. I had a speaker with BLE and had to deliberately download a much older version of the Android partner app to turn it off, as they dropped the option to do so in later versions for “convenience”. With BLE on it would be flat in about 6 weeks regardless of whether I’d used it or not , which really ruined ad-hoc usage for me.

      • entwine413@lemm.eeEnglish
        52·
        6 个月前

        A smart outlet (and running home assistant) will solve that problem.

    • Almonds@mander.xyzEnglish
      54·
      6 个月前

      The flaws, discovered by German cybersecurity firm ERNW and first reported by Heise Online, affect dozens of headphone models from brands such as Sony, JBL, Bose, and Marshall, with no comprehensive firmware fixes available yet.

      • Sony WH-1000XM4/5/6, WF-1000XM3/4/5, LinkBuds S, ULT Wear, CH-720N, C500, C510-GFP, XB910N
      • Marshall ACTON III, MAJOR V, MINOR IV, MOTIF II, STANMORE III, WOBURN III
      • JBL Live Buds 3, Endurance Race 2
      • Jabra Elite 8 Active
      • Bose QuietComfort Earbuds
      • Beyerdynamic Amiron 300
      • Jlab Epic Air Sport ANC
      • Teufel Airy TWS 2
      • MoerLabs EchoBeatz
      • Xiaomi Redmi Buds 5 Pro
      • earisMax Bluetooth Auracast Sender

      ERNW emphasizes that this is only a partial list.

      Source

      • OberonSwanson@sh.itjust.worksEnglish
        12·
        6 个月前

        Damn that’s pretty big, hopefully they update and give a final list of affected devices. Not to mention, gotta pray the devices will see software updates to try and mitigate it.

      • tal@lemmy.todayEnglish
        191·
        6 个月前

        Sony WH-1000XM4/5/6

        I don’t have one of those, but they’re pretty popular as headphones with good ANC.

        Jlab Epic Air Sport ANC

        I do have those, though.

        • devfuuu@lemmy.worldEnglish
          4·
          6 个月前

          Yeah. I have the previous version of the WH which seems not affected, but I also have the WF 3 which unfortunately seems to be.

          Many people have sony headphones with those chips.

    • hendu@lemmy.dbzer0.comEnglish
      9·
      6 个月前

      According to the article, headphones using a Bluetooth SoC manufactured by Airoha may be vulnerable. So, need to find if your headphones use their SoC.

  • skisnow@lemmy.caEnglish
    944·
    6 个月前

    downvoted for that website’s super illegal “pay us to not track you” policy

    • viking@infosec.pubEnglish
      11·
      6 个月前

      GDPR. First time opening a European website? German ones like this are particularly transparent (by law, not choice).

  • Vanilla_PuddinFudge@infosec.pubEnglish
    222·
    6 个月前

    I had a neighbor about 6 years ago that blasted rap at full volume every evening.

    rap booming in the background

    one fine day

    "hmmm, what were these headphones on bt again? wait… soundbar. I don’t have a soundbar.

    hmmm, I wonder"

    device paired

    Jellyfin>Artists>… Meshuggah

    Obzen

    Combustion

    play

    Volume 100%

    “I think I’ll go to the store for a while!”

    • TryingSomethingNew@lemmy.worldEnglish
      6·
      6 个月前

      Elastic would’ve been amazing (among other things, it has all songs on the album laid on top of another, playing simultaneously)

    • Jarix@lemmy.worldEnglish
      21·
      6 个月前

      My old FM BT transmitter that let me connect to my car had a surprising range, bout about a 100ft in every direction which as I understand it they aren’t supposed to be that strong. (Scosche brand from Best Buy)

      Used to tune it to the popular country station and jam everyone around me from listening to that station, which made me happy. Couple times when there was a particularly loud or obnoxious driver…I definately didn’t blast porn hub with my stereo off in my car…

      Tangent.

      One of my last concerts I went to was Meshuggah

      Had a great time.

  • atlien51@lemm.eeEnglish
    682·
    6 个月前

    This really makes me hate that we don’t have headphone jack anymore

    • underscores@lemmy.zipEnglish
      13·
      6 个月前

      Ive always hated phones without the 3.5mm and won’t stop even if all phone manufacturers remove it

      • atlien51@lemm.eeEnglish
        41·
        6 个月前

        At least you can still get adapters for phones that don’t have it :)

        • ddh@lemmy.sdf.orgEnglish
          111·
          6 个月前

          Indeed, I don’t really see the problem. Instead of a single use port you have a practically universal port. That’s better, surely.

          • Walk_blesseD@piefed.blahaj.zoneEnglish
            141·
            6 个月前

            instead of

            Yeah but it was never a matter of “insTeAD Of,” it’s in addition to, meaning you get to use the same favourite set of headpdones you use with literally every other device while keeping the practically universal port free for other purposes at the same time!!! 🤯🤯🤯
            Now isn’t that wizard?

                • ddh@lemmy.sdf.orgEnglish
                  33·
                  6 个月前

                  I guess I’m used to it. Besides, imagine not using a cable at all–even better?

  • MNByChoice@midwest.socialEnglish
    79·
    6 个月前

    The site wants to share info with advertisers. I found this to be refreshingly honest.

    We and our up to 185 partners use cookies and tracking technologies. Some cookies and data processing are technically necessary, others help us to improve our offer and operate it economically…

    Anyway, can we get an archive link?