The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

Source

  • atlien51@lemm.eeEnglish
    281·
    8 hours ago

    This really makes me hate that we don’t have headphone jack anymore

  • skisnow@lemmy.caEnglish
    542·
    11 hours ago

    downvoted for that website’s super illegal “pay us to not track you” policy

  • SCmSTR@lemmy.blahaj.zoneEnglish
    544·
    17 hours ago

    Unchecked consumer-grade RF signals that are broadcast in every direction are insecure??

    Color me shocked!

    • flux@lemmy.ml
      English
      6·
      9 hours ago

      Well, if these devices required any sort of authentication (e.g. pairing) to free access to their ram and flash, we wouldn’t be having this particular story…

  • MNByChoice@midwest.socialEnglish
    69·
    20 hours ago

    The site wants to share info with advertisers. I found this to be refreshingly honest.

    We and our up to 185 partners use cookies and tracking technologies. Some cookies and data processing are technically necessary, others help us to improve our offer and operate it economically…

    Anyway, can we get an archive link?

  • Redex@lemmy.worldEnglish
    21·
    17 hours ago

    Hah, jokes on them, I managed to fuck my earbuds’ microphones so they’re useless now.

  • solrize@lemmy.mlEnglish
    211·
    18 hours ago

    So glad I use wired earbuds and refused to buy a phone that didn’t support them.

    • SharkAttak@kbin.melroy.org
      6·
      8 hours ago

      LOL at the big debate I read just yesterday about how better wireless headphones are, and how useless jacks on phones are nowadays…

    • Someonelol@lemmy.dbzer0.comEnglish
      131·
      16 hours ago

      Same. I can’t find any Bluetooth headphones whose batteries don’t die in 4 or 5 months anyway. Meanwhile my Moondrop wired headphones have been going strong for almost 3 years.

      • Zeoic@lemmy.worldEnglish
        81·
        16 hours ago

        My sony earbuds lasted 5 years before I decided to replace the batteries in them, which cost me $20 and 30 min. I would hope other earbuds wouldnt die in only half a year

          • Zeoic@lemmy.worldEnglish
            1·
            8 hours ago

            Mine are the WF1000XM3

            I still have never heard noise cancellation as good as those ones. I have a couple other pairs of earbuds as well, one set for side sleeping, and one set for water. I like to listen to audiobooks in the shower and the IPX7 ones have held up great

            • Squizzy@lemmy.worldEnglish
              2·
              7 hours ago

              I want exactly this set up. I need different ones for bedtime, swimming and everyday wear

              • Zeoic@lemmy.worldEnglish
                1·
                7 hours ago

                Well, I can recommend the soundcore anker life A1 earbuds for swimming, and the soundcore sleep A20 for low profile earbuds that dont stick out of your ear. Went through atleast 4 sets (wired and wireless) of earbuds for each until settling on these.

                • Squizzy@lemmy.worldEnglish
                  1·
                  2 hours ago

                  Just FYI, I would imagine anker have plenty of exploits but I appreiate the recommendations.

        • Someonelol@lemmy.dbzer0.comEnglish
          62·
          15 hours ago

          To be fair I kept buying models that cost $20 to $30 so maybe the higher end ones would last longer. That said, my Moondrops wired headphones cost the same but are way more reliable.

  • viking@infosec.pubEnglish
    251·
    20 hours ago

    Sounds like the attack scenario is very sophisticated and targeted, and only works within the range of Bluetooth low energy (BLE) connectivity, so 10-15 meters under best circumstances. At that point they might as well eavesdrop on my calls in person.

    • wintermute@discuss.tchncs.deEnglish
      9·
      12 hours ago

      I think BLE is only required for the initial compromise (extracting the pairing key). After that the attack can be performed over classic BT, and can impersonate either part (headphones or phone) to the other.
      It’s still very targeted and sophisticated, so no reason to panic unless you have reasons to think someone with the resources could target you.
      Regarding the attacks, they go way beyond eavesdropping calls, since BT headphones usually have access to contacts and smart assistants, that you can use to extract a lot more information

    • solrize@lemmy.mlEnglish
      6·
      17 hours ago

      10-15 meters might be good enough to conduct the attack from a neighboring office or apartment, while actual eavesdropping is not so easy.

    • joel_feila@lemmy.worldEnglish
      7·
      18 hours ago

      Honey i got to go there is a man outside our window with a lapton and an radio antenna "Ignore the man outside your window and just read off your credit card number

    • tal@lemmy.todayEnglish
      874·
      21 hours ago

      I mean, there were legitimate technical issues with the standard, especially on smartphones, which is where they really got pushed out. Most other devices do have headphones jacks. If I get a laptop, it’s probably got a headphones jack. Radios will have headphones jacks. Get a mixer, it’s got a headphones jack. I don’t think that the standard is going to vanish anytime soon in general.

      I like headphones jacks. I have a ton of 1/8" and 1/4" devices and headphones that I happily use. But they weren’t doing it for no reason.

      • From what I’ve read, the big, driving one that drove them out on smartphones was that the jack just takes up a lot more physical space in the phone than USB-C or Bluetooth. I’d rather just have a thicker phone, but a lot of people wouldn’t, and if you’re going all over the phone trying to figure out what to eject to buy more space, that’s gonna be a big target. For people who do want a jack on smartphones, which invariably have USB-C, you can get a similar effect to having a headphones jack by just leaving a small USB-C audio interface with a headphones jack on the end of your headphones (one with a passthrough USB-C port if you also want to use the USB-C port for charging).

      • A second issue was that the standard didn’t have a way to provide power (there was a now-dead extension from many years back, IIRC for MD players, that let a small amount of power be provided with an extra ring). That didn’t matter for a long time, as long as your device could put out a strong enough signal to drive headphones of whatever impedance you had. But ANC has started to become popular now, and you need power for ANC. This is really the first time I think that there’s a solid reason to want to power headphones.

      • The connection got shorted when plugging things in and out, which could result in loud sound on the membrane.

      • USB-C is designed so that the springy tensioning stuff that’s there to keep the connection solid is on the (cheap, easy to replace) cord rather than the (expensive, hard to replace) device; I understand from past reading that this was a major reason that micro-USB replaced mini-USB. Instead of your device wearing out, the cord wears out. Not as much of an issue for headphones as mini-USB, but I think that it’s probably fair to say that it’s desirable to have the tensioning on the cord side.

      • On USB-C, the right part breaks. One irritation I have with USB-C is that it is…kind of flimsy. Like, it doesn’t require that much force pushing on a plug sideways to damage a plug. However — and I don’t know if this was a design goal for USB-C, though I suspect it was — my experience has been that if that happens, it’s the plug on the (cheap, easy to replace) cord that gets damaged, not the device. I have a television with a headphones jack that I destroyed by tripping over a headphones cord once, because the headphones jack was nice and durable and let me tear components inside the television off. I’ve damaged several USB-C cables, but I’ve never damaged the device they’re connected to while doing so.

      On an interesting note, the standard is extremely old, probably one of the oldest data standards in general use today; the 1/4" mono standard was from phone switchboards in the 1800s.

      EDIT: Also, one other perk of using USB-C instead of a built-in headphones jack on a smartphone is that if the DAC on your phone sucks, going the USB-C-audio-interface route means that you can use a different DAC. Can’t really change the internal DAC. I don’t know about other people, but last phone I had that did have an audio jack would let through a “wub wub wub” sound when I was charging it on USB off my car’s 12V cigarette lighter adapter — dirty power, but USB power is often really dirty. Was really obnoxious when feeding my car’s stereo via its AUX port. That’s very much avoidable for the manufacturer by putting some filtering on the DAC’s power supply, maybe needs a capacitor on the thing, but the phone manufacturer didn’t do it, maybe to save space or money. That’s not something that I can go fix. I eventually worked around it by getting a battery-powered Bluetooth receiver that had a 1/8" headphones jack, cutting the phone’s DAC out of the equation. The phone’s internal DAC worked fine when the phone wasn’t charging, but I wanted to have the phone plugged in for (battery hungry) navigation stuff when I was driving.

      • Bob Robertson IX @discuss.tchncs.deEnglish
        39·
        24 hours ago

        I’d rather just have a thicker phone, but a lot of people wouldn’t

        I think this is a case where the corporations were telling people what they wanted rather than people really asking for thinner phones. Same thing with bezels, I don’t know anyone who asked for the screen to go all the way to the edge (or worse, curve around onto the sides). Apple and Samsung said ‘this is what people want’ when in fact it was what their marketing department wanted because they wouldn’t be able to sell the iGalaxy N+1 if it was slightly thicker or heavier than the iGalaxy N.

      • setVeryLoud(true);@lemmy.caEnglish
        11·
        21 hours ago

        Honestly I’d be happy with a phone sporting two USB C ports, one centered and one off to the side where the headphone jack used to be, both fully functional.

      • Unboxious@ani.socialEnglish
        151·
        24 hours ago

        That’s great and all but I’m not switching to Bluetooth headphones and I’m definitely not going to fiddle around with dongles every time I switch between listening on my phone and my PC. Phones are gigantic anyways; let my have my headphone jack. I don’t think it’s a coincidence that all these smartphone manufacturers that ditched the old standard will happily sell you shiny expensive disposable wireless earbuds.

        • baguettefish@discuss.tchncs.deEnglish
          46·
          23 hours ago

          as someone has been fiddling with dongles for years, it’s not that bad, and you can just permanently connect your headphones to your dongle. the apple dongle is excellent and beyond enough for iems and a lot of headphones. I personally have one dongle + iems for my phone and another dongle + headphones for my PC, and that setup works really well for me. You might want to consider it. Otherwise, those big beefy Bluetooth headphones might be semi-repairable, and there are of course also Fairphone Bluetooth earbuds that are apparently fairly repairable (though I know nothing about those). At least you can replace the batteries and the ear tips or pads, and that’s usually enough to last you a decade with these things.

          • Unboxious@ani.socialEnglish
            125·
            23 hours ago

            you can just permanently connect your headphones to your dongle

            No. Fuck that. My PC has a headphone jack, and I use it. I don’t have a bunch of extra USB-C ports on the front of my computer. Modern phones have plenty of spaces for headphone jacks. They could put it there, they just don’t want to.

            • corsicanguppy@lemmy.caEnglish
              4·
              20 hours ago

              I used a USB connection through my KVM to connect to one computer or the next. But it’s just something to plug my headphones into the 3.5mm jack.

              Since it never gets unplugged, it doesn’t get lost; unlike all those “just have this snowflake dongle in one of all of your stuff so it can get lost monthly and you can buy another” people.

              Again: my startac 7800 had a jack and it was tiny. Apple and Samsung have NO EXCUSE.

            • baguettefish@discuss.tchncs.deEnglish
              27·
              23 hours ago

              phones are already very full and dense, and a headphone jack is a very large component. plus, the Bluetooth is simply part of the small SoC, it’s a microscopic size. That doesn’t mean I prefer Bluetooth, but it makes some sense.

      • gloktawasright@lemm.eeEnglish
        51·
        20 hours ago

        I know someone who works somewhat high up at Apple and he told me another reason was that they really wanted to improve the water proofing.

        • corsicanguppy@lemmy.caEnglish
          63·
          20 hours ago

          That’s just gaslighting. Other phones had audio jacks, water protection, and you didn’t have to hold them funny.

          My bro is a huge apple kool-aid guy and he spouts their dogma word-for-word.

    • Buelldozer@lemmy.todayEnglish
      122·
      22 hours ago

      Eh, you’re assigning an awful lot of malice with no real reason. A smartphone manufacturer already has access to the kind of data exposed in this attack, regardless of whether the headphones were hooked up with wires or bluetooth.

      Samsung, Apple, Xaomi, Huwaei or whoever else doesn’t need some stupid BT vulnerability to know what attached devices like headphone are up too. They already have root level access to the phones hardware.

      • entwine413@lemm.eeEnglish
        171·
        1 day ago

        No, the real reason is it saves a few pennies per phone. They can already spy on us through the internal mic.

        • QuarterSwede@lemmy.worldEnglish
          4·
          17 hours ago

          It’s always about the money. Everyone else yelling about them spying, they’ll only do that if it makes them more money.

      • Snot Flickerman@lemmy.blahaj.zoneEnglish
        121·
        1 day ago

        The only time a hacker is going to target you like this is if you’re an extremely high value target like a CEO or if you’re in the crosshairs of a nation-state. The average hacker isn’t going to waste this kind of effort to hack someone with $200 in their bank account and no power over anything or anyone.

  • unalivejoy@lemmy.zipEnglish
    423·
    1 day ago

    There’s lots of money to be made by inserting a hardware back door in your product then later disclosing it as an unfixable vulnerability and force your customers to buy new hardware which has the same but different backdoor. Repeat.

    • viking@infosec.pubEnglish
      12·
      20 hours ago

      GDPR. First time opening a European website? German ones like this are particularly transparent (by law, not choice).

  • Vanilla_PuddinFudge@infosec.pubEnglish
    213·
    24 hours ago

    I had a neighbor about 6 years ago that blasted rap at full volume every evening.

    rap booming in the background

    one fine day

    "hmmm, what were these headphones on bt again? wait… soundbar. I don’t have a soundbar.

    hmmm, I wonder"

    device paired

    Jellyfin>Artists>… Meshuggah

    Obzen

    Combustion

    play

    Volume 100%

    “I think I’ll go to the store for a while!”

    • TryingSomethingNew@lemmy.worldEnglish
      5·
      24 hours ago

      Elastic would’ve been amazing (among other things, it has all songs on the album laid on top of another, playing simultaneously)

    • Jarix@lemmy.worldEnglish
      11·
      15 hours ago

      My old FM BT transmitter that let me connect to my car had a surprising range, bout about a 100ft in every direction which as I understand it they aren’t supposed to be that strong. (Scosche brand from Best Buy)

      Used to tune it to the popular country station and jam everyone around me from listening to that station, which made me happy. Couple times when there was a particularly loud or obnoxious driver…I definately didn’t blast porn hub with my stereo off in my car…

      Tangent.

      One of my last concerts I went to was Meshuggah

      Had a great time.