Millions at Risk: Major Flaw in Popular Headphones Could Allow Spying


Imagine you're in the subway or a cafe, listening to your earbuds, but without knowing that someone is eavesdropping on you. That's now a possible scenario, as new research reveals that millions of users are at risk due to newly discovered Bluetooth vulnerabilities.
Security researchers at Germany's ERNW have published a report detailing Bluetooth connectivity bugs in Airoha-equipped devices, including wireless earbuds, headphones, and speakers from major brands like Sony, JBL, and Beyerdynamic. This means that potentially millions of devices and users are at risk.
How Attackers Can Take Advantage of the Exploits
The report states that the bugs lie in the custom communication protocol used in Taiwanese-made Airoha chipsets, which are exposed when using Bluetooth Low Energy and Bluetooth Classic. The report highlights that these flaws allow attackers to gain access to headphones as well as the connected device within Bluetooth range (~10 meters) without the user's consent or alerting them.
Once access is gained, there are several ways attackers can exploit these vulnerabilities and insecure connections. The most alarming is how they can eavesdrop or spy using the compromised device, specifically by tapping into the microphones in headphones to record sound or extract important information.

Researchers also demonstrated that the flaws could let attackers hijack the connected smartphone. From there, an attacker could issue commands such as placing calls and read information including call logs, call history, and phone numbers. Depending on the operating system, the same access could also be used to trigger actions through voice assistants.
Should Average Consumers Be Concerned?
While this sounds alarming, the researchers noted that the nature of the exploits makes them primarily a concern for high-profile targets such as politicians, activists, and journalists, and that regular users shouldn't be overly worried. For instance, a user would likely notice right away if someone hijacked the connection, such as when audio playback on the headphones stops. The attack also requires the attacker to be physically nearby, which might give the victim a hint.
In addition to the confirmed audio products, the security firm shared a list of possibly affected devices that use Airoha chips. Among them are Sony's WH-1000XM4, WH-1000XM5, and the new WH-1000XM6. The company's WF-1000XM3, WF-1000XM4, LinkBuds S, CH-720N, and ULT Wear are also impacted.

Models like Jabra's Elite 8 Active, JBL's Endurance Race 2, and Live Buds 3 are also included in the list. Other prominent earbuds are Bose's QuietComfort Earbuds and Beyerdynamic's Amiron 300. Marshall's devices are also mentioned, including Acton III, Major V, Minor IV, and Motif II.
However, as the researchers noted, the number of vulnerable devices might be far greater, since smaller brands ship products built on the affected chips, sometimes without the manufacturers themselves being aware of it.
What Should You Do? Is There a Fix?
The Taiwanese chipmaker acknowledged the report after the security firm informed it of the vulnerabilities back in March. However, it was only in early June that Airoha released an updated SDK to manufacturers. It is now up to brands like Sony, Bose, and JBL to roll out the fix to affected devices through software updates.
If your devices haven't received an update yet, consider taking precautions such as watching for unexpected disconnections while on the go, or turning off Bluetooth on your device when it's not in use.
Do you have headphones affected by these vulnerabilities? Share with us in the comments.
Via: Heise Source: Insinuator