Technology

78785 readers

4330 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

288

Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking (www.wired.com)

submitted 1 day ago by dance_ninja@lemmy.world to c/technology@lemmy.world

75 comments fedilink hide all child comments

Flaws in how 17 models of headphones and speakers use Google’s one-tap Fast Pair Bluetooth protocol have left devices open to eavesdroppers and stalkers.

Link to see devices impacted: https://whisperpair.eu/

you are viewing a single comment's thread
view the rest of the comments

[–] fort_burp@feddit.nl 22 points 16 hours ago (3 children)

GOOGLE DESIGNED THE wireless protocol known as Fast Pair to optimize for ultra-convenient connections: It lets users connect their Bluetooth gadgets with Android and ChromeOS devices in a single tap.

Bluetooth pairing is not a difficult process, imagine creating a whole new attack vector for that. And of course security was an afterthought. Capitalism is amazing for wasting resources and getting bad results for it.

[–] zarenki@lemmy.ml 2 points 1 hour ago (1 children)

I think it's far more common for devices to get pairing wrong than to get it right.

Just a few of the very common issues I've seen in various devices:

TVs that are constantly in discoverable mode, even when the screen is off. Just in case the owner loses their remote and wants to pair a new one without reaching behind the TV to press a button. No way of avoiding this except disabling Bluetooth entirely, which makes the stock remote lose either partial or all functionality. Pairing requests also interrupt whatever you're watching.
Audio devices that have a very short delay after turning on and waiting for any already-paired devices to connect before switching over to a pairing mode instead. So short that a smartphone in a low-power state (e.g. because you haven't unlocked it for a few minutes) might not connect in time. Most if not all of the bluetooth-to-3.5mm receivers intended for older cars seem to share this problem.
Pairing codes are extremely underused in general, even among input devices. Most things seem to just pair with whoever sends a request first unconditionally.

[–] ragebutt@lemmy.dbzer0.com 1 points 1 hour ago

On this note: if you root your webos tv there’s an app to truly disable Bluetooth, assuming you don’t use it. Imagine my surprise when one day my tv turned on with a request to allow my neighbors phone to connect to it? Modern convenience. I’m sure my neighbor just fat fingered the device list while trying to connect something else but the fact that it was even an option is absurd

[–] Taleya@aussie.zone 1 points 7 hours ago

Given its google I would really not be surprised if it were a feature, not a bug

[–] dance_ninja@lemmy.world 3 points 11 hours ago

I'd agree security needs more attention when developing protocols and products, and, I'd also consider Bluetooth simple. That being said, I know plenty of folks that don't like the Bluetooth pairing process, especially those without a technical background.

Fast Pair is really convenient, and I'd say it can open the door for a lot of new experiences, but I do wish the developers put more effort into their TARA.