Imagine how much data could be collected from, say, a busy gym full of people with wireless headphones, or a hotel lobby
Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
downvoted for that website's super illegal "pay us to not track you" policy
Consent required for free use
I think that’s explicitly forbidden by the EU, and it’s a German domain.
I hate that. I’m looking at you Healthline. I hate that it’s always so high in the results.
This really makes me hate that we don’t have headphone jack anymore
Ive always hated phones without the 3.5mm and won't stop even if all phone manufacturers remove it
And this is why people wanted headphone jacks... and also why corporations didn't want them.
and also why corporations didn't want them.
Exactly! So they can spy on us more!
No, the real reason is it saves a few pennies per phone. They can already spy on us through the internal mic.
Unchecked consumer-grade RF signals that are broadcast in every direction are insecure??
Color me shocked!
Well, if these devices required any sort of authentication (e.g. pairing) to free access to their ram and flash, we wouldn't be having this particular story..
The site wants to share info with advertisers. I found this to be refreshingly honest.
We and our up to 185 partners use cookies and tracking technologies. Some cookies and data processing are technically necessary, others help us to improve our offer and operate it economically...
Anyway, can we get an archive link?
It’s strange to think about how complicit the public has become with this. You mean to tell me that 185 separate connections to other companies are required for me to… read an article?
Well yeah, they have to hoard your advertising data somehow. How else can they advertise things that you don't need to buy?
The website also wants to drm fingerprint you
You can get/make your own archive link by going to archive.ph and entering the article's URL.
Here's the link for this one: https://archive.ph/wUAQn
Instead of hacking Bluetooth, sounds more effective to be an "advertising partner".
Wired headphones stay winning
Hah, jokes on them, I managed to fuck my earbuds' microphones so they're useless now.
You did WHAT with them?
They don't GO there....
There's lots of money to be made by inserting a hardware back door in your product then later disclosing it as an unfixable vulnerability and force your customers to buy new hardware which has the same but different backdoor. Repeat.
So glad I use wired earbuds and refused to buy a phone that didn't support them.
LOL at the big debate I read just yesterday about how better wireless headphones are, and how useless jacks on phones are nowadays...
I will never tire of pasting this:
https://biggaybunny.tumblr.com/post/166787080920/tech-enthusiasts-everything-in-my-house-is-wired
Same. I can't find any Bluetooth headphones whose batteries don't die in 4 or 5 months anyway. Meanwhile my Moondrop wired headphones have been going strong for almost 3 years.
Got a a pair of sennheisers old enough to vote
Sounds like the attack scenario is very sophisticated and targeted, and only works within the range of Bluetooth low energy (BLE) connectivity, so 10-15 meters under best circumstances. At that point they might as well eavesdrop on my calls in person.
I think BLE is only required for the initial compromise (extracting the pairing key). After that the attack can be performed over classic BT, and can impersonate either part (headphones or phone) to the other.
It's still very targeted and sophisticated, so no reason to panic unless you have reasons to think someone with the resources could target you.
Regarding the attacks, they go way beyond eavesdropping calls, since BT headphones usually have access to contacts and smart assistants, that you can use to extract a lot more information
Every spy in my vicinity is going to be dancing to The Meters - Cissy Strut.
Even if these attacks seem frightening on paper, the ERNW researchers are reassuring: many conditions must be met to carry out an eavesdropping attack. First and foremost, the attacker(s) must be within range of the Bluetooth short-range radio; an attack via the Internet is not possible. They must also carry out several technical steps without attracting attention. And they must have a reason to eavesdrop on the Bluetooth connection, which, according to the discoverers, is only conceivable for a few target people. For example, celebrities, journalists or diplomats, but also political dissidents and employees in security-critical companies are possible targets.
I guess they didn’t point this out because it’s kind of obvious, but it sounds like they also have to actually be on to be exploited. So it’s not going to turn on and start listening to you at least. Definitely concerning, but I’m still gonna be listening to my audio books and podcasts with my wireless headphones.
I had a neighbor about 6 years ago that blasted rap at full volume every evening.
rap booming in the background
one fine day
"hmmm, what were these headphones on bt again? wait... soundbar. I don't have a soundbar.
hmmm, I wonder"
device paired
Jellyfin>Artists>..... Meshuggah
Obzen
Combustion
play
Volume 100%
"I think I'll go to the store for a while!"
So how do you determine if your headphones have the vulnerable chip in them?
The flaws, discovered by German cybersecurity firm ERNW and first reported by Heise Online, affect dozens of headphone models from brands such as Sony, JBL, Bose, and Marshall, with no comprehensive firmware fixes available yet.
- Sony WH-1000XM4/5/6, WF-1000XM3/4/5, LinkBuds S, ULT Wear, CH-720N, C500, C510-GFP, XB910N
- Marshall ACTON III, MAJOR V, MINOR IV, MOTIF II, STANMORE III, WOBURN III
- JBL Live Buds 3, Endurance Race 2
- Jabra Elite 8 Active
- Bose QuietComfort Earbuds
- Beyerdynamic Amiron 300
- Jlab Epic Air Sport ANC
- Teufel Airy TWS 2
- MoerLabs EchoBeatz
- Xiaomi Redmi Buds 5 Pro
- earisMax Bluetooth Auracast Sender
ERNW emphasizes that this is only a partial list.
Guess I'm lucky to have broken the mics on mine by accidentally throwing them in the wash?