this post was submitted on 27 Jun 2025
508 points (96.9% liked)


The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

Source

[–] Zorsith@lemmy.blahaj.zone 4 points 2 days ago* (last edited 2 days ago)

Imagine how much data could be collected from, say, a busy gym full of people with wireless headphones, or a hotel lobby

[–] skisnow@lemmy.ca 93 points 4 days ago (3 children)

downvoted for that website's super illegal "pay us to not track you" policy

[–] JuxtaposedJaguar@lemmy.ml 41 points 3 days ago

Consent required for free use

I think that’s explicitly forbidden by the EU, and it’s a German domain.

[–] theherk@lemmy.world 10 points 3 days ago

I hate that. I’m looking at you Healthline. I hate that it’s always so high in the results.

[–] atlien51@lemm.ee 66 points 4 days ago (4 children)

This really makes me hate that we don’t have headphone jack anymore

[–] underscores@lemmy.zip 13 points 3 days ago* (last edited 3 days ago) (8 children)

I've always hated phones without the 3.5mm and won't stop even if all phone manufacturers remove it

[–] SnotFlickerman@lemmy.blahaj.zone 135 points 4 days ago* (last edited 4 days ago) (27 children)

And this is why people wanted headphone jacks... and also why corporations didn't want them.

[–] BubblyRomeo@kbin.earth 22 points 4 days ago (1 children)

and also why corporations didn't want them.

Exactly! So they can spy on us more!

[–] entwine413@lemm.ee 21 points 4 days ago (1 children)

No, the real reason is it saves a few pennies per phone. They can already spy on us through the internal mic.

[–] SCmSTR@lemmy.blahaj.zone 66 points 4 days ago (1 children)

Unchecked consumer-grade RF signals that are broadcast in every direction are insecure??

Color me shocked!

[–] flux@lemmy.ml 10 points 4 days ago

Well, if these devices required any sort of authentication (e.g. pairing) to free access to their RAM and flash, we wouldn't be having this particular story..

[–] MNByChoice@midwest.social 81 points 4 days ago (4 children)

The site wants to share info with advertisers. I found this to be refreshingly honest.

We and our up to 185 partners use cookies and tracking technologies. Some cookies and data processing are technically necessary, others help us to improve our offer and operate it economically...

Anyway, can we get an archive link?

[–] trashboat@midwest.social 80 points 4 days ago (1 children)

It’s strange to think about how complicit the public has become with this. You mean to tell me that 185 separate connections to other companies are required for me to… read an article?

[–] ipkpjersi@lemmy.ml 24 points 4 days ago* (last edited 4 days ago)

Well yeah, they have to hoard your advertising data somehow. How else can they advertise things that you don't need to buy?

[–] ugjka@lemmy.world 21 points 3 days ago

The website also wants to DRM fingerprint you.

[–] SoleInvictus@lemmy.blahaj.zone 24 points 4 days ago (1 children)

You can get/make your own archive link by going to archive.ph and entering the article's URL.

Here's the link for this one: https://archive.ph/wUAQn

[–] Lumisal@lemmy.world 16 points 4 days ago

Instead of hacking Bluetooth, sounds more effective to be an "advertising partner".

[–] sharkfucker420@lemmy.ml 52 points 4 days ago

Wired headphones stay winning

[–] Redex68@lemmy.world 26 points 4 days ago (6 children)

Hah, joke's on them, I managed to fuck my earbuds' microphones so they're useless now.

[–] HiTekRedNek@lemmy.world 22 points 4 days ago

You did WHAT with them?

They don't GO there....

[–] joyjoy@lemmy.zip 42 points 4 days ago* (last edited 4 days ago) (1 children)

There's lots of money to be made by inserting a hardware back door in your product, then later disclosing it as an unfixable vulnerability and forcing your customers to buy new hardware which has the same but different backdoor. Repeat.

[–] solrize@lemmy.ml 23 points 4 days ago (2 children)

So glad I use wired earbuds and refused to buy a phone that didn't support them.

[–] SharkAttak@kbin.melroy.org 10 points 4 days ago (1 children)

LOL at the big debate I read just yesterday about how better wireless headphones are, and how useless jacks on phones are nowadays...

[–] Someonelol@lemmy.dbzer0.com 14 points 4 days ago (8 children)

Same. I can't find any Bluetooth headphones whose batteries don't die in 4 or 5 months anyway. Meanwhile my Moondrop wired headphones have been going strong for almost 3 years.

[–] Taleya@aussie.zone 4 points 3 days ago

Got a pair of Sennheisers old enough to vote

[–] viking@infosec.pub 25 points 4 days ago (4 children)

Sounds like the attack scenario is very sophisticated and targeted, and only works within the range of Bluetooth low energy (BLE) connectivity, so 10-15 meters under best circumstances. At that point they might as well eavesdrop on my calls in person.

[–] wintermute@discuss.tchncs.de 14 points 4 days ago* (last edited 4 days ago)

I think BLE is only required for the initial compromise (extracting the pairing key). After that the attack can be performed over classic BT, and can impersonate either part (headphones or phone) to the other.
It's still very targeted and sophisticated, so no reason to panic unless you have reasons to think someone with the resources could target you.
Regarding the attacks, they go way beyond eavesdropping calls, since BT headphones usually have access to contacts and smart assistants, that you can use to extract a lot more information.

[–] ShittyBeatlesFCPres@lemmy.world 28 points 4 days ago (4 children)

Every spy in my vicinity is going to be dancing to The Meters - Cissy Strut.

[–] Catoblepas@piefed.blahaj.zone 26 points 4 days ago (4 children)

Even if these attacks seem frightening on paper, the ERNW researchers are reassuring: many conditions must be met to carry out an eavesdropping attack. First and foremost, the attacker(s) must be within range of the Bluetooth short-range radio; an attack via the Internet is not possible. They must also carry out several technical steps without attracting attention. And they must have a reason to eavesdrop on the Bluetooth connection, which, according to the discoverers, is only conceivable for a few target people. For example, celebrities, journalists or diplomats, but also political dissidents and employees in security-critical companies are possible targets.

I guess they didn’t point this out because it’s kind of obvious, but it sounds like they also have to actually be on to be exploited. So it’s not going to turn on and start listening to you at least. Definitely concerning, but I’m still gonna be listening to my audio books and podcasts with my wireless headphones.

[–] Vanilla_PuddinFudge@infosec.pub 19 points 4 days ago (5 children)

I had a neighbor about 6 years ago that blasted rap at full volume every evening.

rap booming in the background

one fine day

"hmmm, what were these headphones on bt again? wait... soundbar. I don't have a soundbar.

hmmm, I wonder"

device paired

Jellyfin>Artists>..... Meshuggah

Obzen

Combustion

play

Volume 100%

"I think I'll go to the store for a while!"

[–] cmnybo@discuss.tchncs.de 21 points 4 days ago (3 children)

So how do you determine if your headphones have the vulnerable chip in them?

[–] Almonds@mander.xyz 57 points 4 days ago (5 children)

The flaws, discovered by German cybersecurity firm ERNW and first reported by Heise Online, affect dozens of headphone models from brands such as Sony, JBL, Bose, and Marshall, with no comprehensive firmware fixes available yet.

  • Sony WH-1000XM4/5/6, WF-1000XM3/4/5, LinkBuds S, ULT Wear, CH-720N, C500, C510-GFP, XB910N
  • Marshall ACTON III, MAJOR V, MINOR IV, MOTIF II, STANMORE III, WOBURN III
  • JBL Live Buds 3, Endurance Race 2
  • Jabra Elite 8 Active
  • Bose QuietComfort Earbuds
  • Beyerdynamic Amiron 300
  • Jlab Epic Air Sport ANC
  • Teufel Airy TWS 2
  • MoerLabs EchoBeatz
  • Xiaomi Redmi Buds 5 Pro
  • earisMax Bluetooth Auracast Sender

ERNW emphasizes that this is only a partial list.

Source

wf-1000XM3 connected, playing Cissy Strut

Guess I'm lucky to have broken the mics on mine by accidentally throwing them in the wash?

[–] PattyMcB@lemmy.world 15 points 4 days ago (2 children)

What is that site asking me to agree to? No thanks
