this post was submitted on 27 Jun 2025
510 points (96.9% liked)

Technology

72068 readers
2455 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
510
Zero-day: Bluetooth gap turns millions of headphones into listening stations (www.heise.de)
submitted 3 days ago by rodneyck@lemmy.dbzer0.com to c/technology@lemmy.world
125 comments fedilink hide all child comments
 

The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

Source

(page 2) 50 comments
sorted by: hot top controversial new old
[–] Catoblepas@piefed.blahaj.zone 26 points 2 days ago (1 children)

Even if these attacks seem frightening on paper, the ERNW researchers are reassuring: many conditions must be met to carry out an eavesdropping attack. First and foremost, the attacker(s) must be within range of the Bluetooth short-range radio; an attack via the Internet is not possible. They must also carry out several technical steps without attracting attention. And they must have a reason to eavesdrop on the Bluetooth connection, which, according to the discoverers, is only conceivable for a few target people. For example, celebrities, journalists or diplomats, but also political dissidents and employees in security-critical companies are possible targets.

I guess they didn’t point this out because it’s kind of obvious, but it sounds like they also have to actually be on to be exploited. So it’s not going to turn on and start listening to you at least. Definitely concerning, but I’m still gonna be listening to my audio books and podcasts with my wireless headphones.

[–] Goretantath@lemmy.world 10 points 2 days ago (3 children)

A speaker i have from bose is always on and "sleeping" and can be connected to from the phone no matter what i do, drains the fucking battery and when i want to use it finaly its dead.. wouldnt be surprised if some headphones worked the same..

load more comments (3 replies)
[–] Vanilla_PuddinFudge@infosec.pub 19 points 2 days ago (5 children)

I had a neighbor about 6 years ago that blasted rap at full volume every evening.

rap booming in the background

one fine day

"hmmm, what were these headphones on bt again? wait... soundbar. I don't have a soundbar.

hmmm, I wonder"

device paired

Jellyfin>Artists>..... Meshuggah

Obzen

Combustion

play

Volume 100%

"I think I'll go to the store for a while!"

load more comments (5 replies)
[–] PattyMcB@lemmy.world 15 points 2 days ago (2 children)

What is that site asking me to agree to? No thanks

[–] viking@infosec.pub 12 points 2 days ago

GDPR. First time opening a European website? German ones like this are particularly transparent (by law, not choice).

load more comments (1 replies)
[–] cmnybo@discuss.tchncs.de 21 points 2 days ago (8 children)

So how do you determine if your headphones have the vulnerable chip in them?

[–] hendu@lemmy.dbzer0.com 9 points 2 days ago

According to the article, headphones using a Bluetooth SoC manufactured by Airoha may be vulnerable. So, need to find if your headphones use their SoC.

[–] rodneyck@lemmy.dbzer0.com 9 points 2 days ago

You will need to do some research on your headphones, I guess.

load more comments (6 replies)
[–] homesweethomeMrL@lemmy.world 16 points 2 days ago

They said I was mad when they removed the headphone jack - well who’s mad now??! AHAHahahahaaaaaaahhhhcrap it’s me.

I’m still mad. Fuckers.

[–] turkalino@lemmy.yachts 12 points 2 days ago (1 children)

I was hoping this would allow me to take over Bluetooth speakers that people use while skiing and replace their music with a PSA about how no one wants to hear their music

Most annoying people on the mountain

[–] doc@fedia.io 10 points 2 days ago (1 children)

Or public transit. Or public parks. Or grocery stores.

load more comments (1 replies)
[–] sp3ctr4l@lemmy.dbzer0.com 10 points 2 days ago (1 children)

... and this is why I don't use bluetooth on anything.

[–] rodneyck@lemmy.dbzer0.com 11 points 2 days ago (1 children)

I never have it enabled unless I am in the car driving and need driving directions or listening to music/podcasts. I prefer wired headphones, but manufacturers are making that difficult.

load more comments (1 replies)
[–] underline960@sh.itjust.works 7 points 2 days ago

Archive link: archive.ph/wUAQn

[–] bridgeenjoyer@sh.itjust.works 5 points 2 days ago

Yep I only use wired...

load more comments
view more: ‹ prev next ›