this post was submitted on 27 Jun 2025
444 points (98.1% liked)

Technology

71995 readers
3486 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
444
Zero-day: Bluetooth gap turns millions of headphones into listening stations (www.heise.de)
submitted 1 day ago by rodneyck@lemmy.dbzer0.com to c/technology@lemmy.world
106 comments fedilink hide all child comments
 

The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

Source

(page 2) 50 comments
sorted by: hot top controversial new old
[–] bridgeenjoyer@sh.itjust.works 5 points 17 hours ago

Yep I only use wired...

[–] joyjoy@lemmy.zip 39 points 1 day ago* (last edited 1 day ago) (1 children)

There's lots of money to be made by inserting a hardware back door in your product then later disclosing it as an unfixable vulnerability and force your customers to buy new hardware which has the same but different backdoor. Repeat.

[–] MalReynolds@aussie.zone 6 points 22 hours ago

Thanks, I hate it. Vulnerable to your competitor red teaming it tho...

[–] underline960@sh.itjust.works 7 points 19 hours ago

Archive link: archive.ph/wUAQn

[–] PattyMcB@lemmy.world 13 points 22 hours ago (1 children)

What is that site asking me to agree to? No thanks

load more comments (1 replies)
[–] Vanilla_PuddinFudge@infosec.pub 18 points 1 day ago (2 children)

I had a neighbor about 6 years ago that blasted rap at full volume every evening.

rap booming in the background

one fine day

"hmmm, what were these headphones on bt again? wait... soundbar. I don't have a soundbar.

hmmm, I wonder"

device paired

Jellyfin>Artists>..... Meshuggah

Obzen

Combustion

play

Volume 100%

"I think I'll go to the store for a while!"

[–] Mbourgon@lemmy.world 5 points 23 hours ago (1 children)

Elastic would’ve been amazing (among other things, it has all songs on the album laid on top of another, playing simultaneously)

[–] IndustryStandard@lemmy.world 5 points 23 hours ago (1 children)

This one is great for destroying speakers: warning super loud (turn down your volume before playing) https://m.soundcloud.com/osium-1/official-paul-walker-tribute-fast-and-furious-7

[–] Krudler@lemmy.world 2 points 17 hours ago (1 children)

Good Lord! Thank you for the warning! On lowest audible phone volume it blew me away lol

What is that and why does it exist??

load more comments (1 replies)
load more comments (1 replies)
[–] ShittyBeatlesFCPres@lemmy.world 27 points 1 day ago (3 children)

Every spy in my vicinity is going to be dancing to The Meters - Cissy Strut.

[–] just_another_person@lemmy.world 9 points 1 day ago

A fine choice though.

[–] homesweethomeMrL@lemmy.world 5 points 1 day ago (1 children)

Awwwwwwwwwwwwww YAH

load more comments (1 replies)
[–] motor_spirit@lemmy.world 4 points 1 day ago

Shitty Beatles & the meters.. I'll follow you anywhere

[–] Catoblepas@piefed.blahaj.zone 23 points 1 day ago (1 children)

Even if these attacks seem frightening on paper, the ERNW researchers are reassuring: many conditions must be met to carry out an eavesdropping attack. First and foremost, the attacker(s) must be within range of the Bluetooth short-range radio; an attack via the Internet is not possible. They must also carry out several technical steps without attracting attention. And they must have a reason to eavesdrop on the Bluetooth connection, which, according to the discoverers, is only conceivable for a few target people. For example, celebrities, journalists or diplomats, but also political dissidents and employees in security-critical companies are possible targets.

I guess they didn’t point this out because it’s kind of obvious, but it sounds like they also have to actually be on to be exploited. So it’s not going to turn on and start listening to you at least. Definitely concerning, but I’m still gonna be listening to my audio books and podcasts with my wireless headphones.

[–] Goretantath@lemmy.world 8 points 1 day ago (3 children)

A speaker i have from bose is always on and "sleeping" and can be connected to from the phone no matter what i do, drains the fucking battery and when i want to use it finaly its dead.. wouldnt be surprised if some headphones worked the same..

[–] entwine413@lemm.ee 3 points 1 day ago

A smart outlet (and running home assistant) will solve that problem.

load more comments (2 replies)
[–] sp3ctr4l@lemmy.dbzer0.com 10 points 22 hours ago (1 children)

... and this is why I don't use bluetooth on anything.

[–] rodneyck@lemmy.dbzer0.com 10 points 22 hours ago (1 children)

I never have it enabled unless I am in the car driving and need driving directions or listening to music/podcasts. I prefer wired headphones, but manufacturers are making that difficult.

[–] corsicanguppy@lemmy.ca 2 points 20 hours ago

Because they can't sell you more Bluetooth crap if they give you a choice.

Stop buying no-Jack phones.

[–] homesweethomeMrL@lemmy.world 12 points 1 day ago

They said I was mad when they removed the headphone jack - well who’s mad now??! AHAHahahahaaaaaaahhhhcrap it’s me.

I’m still mad. Fuckers.

[–] cmnybo@discuss.tchncs.de 21 points 1 day ago (6 children)

So how do you determine if your headphones have the vulnerable chip in them?

[–] hendu@lemmy.dbzer0.com 9 points 1 day ago

According to the article, headphones using a Bluetooth SoC manufactured by Airoha may be vulnerable. So, need to find if your headphones use their SoC.

[–] rodneyck@lemmy.dbzer0.com 7 points 1 day ago

You will need to do some research on your headphones, I guess.

load more comments (4 replies)
[–] turkalino@lemmy.yachts 7 points 1 day ago (1 children)

I was hoping this would allow me to take over Bluetooth speakers that people use while skiing and replace their music with a PSA about how no one wants to hear their music

Most annoying people on the mountain

[–] doc@fedia.io 6 points 1 day ago (1 children)

Or public transit. Or public parks. Or grocery stores.

[–] corsicanguppy@lemmy.ca 1 points 19 hours ago

Yesss. Find that sploit and please let it never be fixable. I didn't download a copy of The Wheels On The Bus for nothing.

[–] SoleInvictus@lemmy.blahaj.zone 2 points 19 hours ago

You can get/make your own archive link by going to archive.ph and entering the article's URL.

Here's the link for this one: https://archive.ph/wUAQn

[–] ter_maxima@jlai.lu 4 points 1 day ago

This is why I chose to get a Corsair Virtuoso, which has a removable microphone.

[–] testuserpleaseupvote@lemmy.world 3 points 1 day ago* (last edited 1 day ago)

My Redmi buds 5 had a firmware update available for me in the app. It could be an older one though, their patch notes suck and don't even say the date. v4.3.8.8

[–] pineapplelover@lemm.ee 2 points 22 hours ago

Alright now how do I test this out

load more comments
view more: ‹ prev next ›