The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

Source

  • Catoblepas@piefed.blahaj.zone
    link
    fedilink
    English
    arrow-up
    27
    arrow-down
    2
    ·
    4 months ago

    Even if these attacks seem frightening on paper, the ERNW researchers are reassuring: many conditions must be met to carry out an eavesdropping attack. First and foremost, the attacker(s) must be within range of the Bluetooth short-range radio; an attack via the Internet is not possible. They must also carry out several technical steps without attracting attention. And they must have a reason to eavesdrop on the Bluetooth connection, which, according to the discoverers, is only conceivable for a few target people. For example, celebrities, journalists or diplomats, but also political dissidents and employees in security-critical companies are possible targets.

    I guess they didn’t point this out because it’s kind of obvious, but it sounds like they also have to actually be on to be exploited. So it’s not going to turn on and start listening to you at least. Definitely concerning, but I’m still gonna be listening to my audio books and podcasts with my wireless headphones.

    • Goretantath@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      4 months ago

      A speaker i have from bose is always on and “sleeping” and can be connected to from the phone no matter what i do, drains the fucking battery and when i want to use it finaly its dead… wouldnt be surprised if some headphones worked the same…

      • Catoblepas@piefed.blahaj.zone
        link
        fedilink
        English
        arrow-up
        4
        ·
        4 months ago

        It sounds like they have some kind of wake function that it’s always listening for? I don’t think that’s a common feature in headphones just because of the battery drain, but they’re always chucking useless features on electronics so I’m sure some are floating around out there. I doubt it’s something you wouldn’t know about unless they were secondhand, though.

        • Dave.@aussie.zone
          link
          fedilink
          English
          arrow-up
          7
          ·
          edit-2
          4 months ago

          It’s BLE - Bluetooth Low Energy.

          Basically devices with BLE can listen for a wake-up command and turn on, similar to the “magic packet” of wake on Ethernet.

          Super convenient for “find my device” applications, also nice to be able to connect and activate the device without having to press a power button like a peasant.

          It also means that most devices with BLE end up flat within a month. I had a speaker with BLE and had to deliberately download a much older version of the Android partner app to turn it off, as they dropped the option to do so in later versions for “convenience”. With BLE on it would be flat in about 6 weeks regardless of whether I’d used it or not , which really ruined ad-hoc usage for me.

      • entwine413@lemm.ee
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        2
        ·
        4 months ago

        A smart outlet (and running home assistant) will solve that problem.