Zero-day: Bluetooth gap turns millions of headphones into listening stations
Zero-day: Bluetooth gap turns millions of headphones into listening stations
The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.
The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.
You're viewing a single thread.
So how do you determine if your headphones have the vulnerable chip in them?
The flaws, discovered by German cybersecurity firm ERNW and first reported by Heise Online, affect dozens of headphone models from brands such as Sony, JBL, Bose, and Marshall, with no comprehensive firmware fixes available yet.
- Sony WH-1000XM4/5/6, WF-1000XM3/4/5, LinkBuds S, ULT Wear, CH-720N, C500, C510-GFP, XB910N
- Marshall ACTON III, MAJOR V, MINOR IV, MOTIF II, STANMORE III, WOBURN III
- JBL Live Buds 3, Endurance Race 2
- Jabra Elite 8 Active
- Bose QuietComfort Earbuds
- Beyerdynamic Amiron 300
- Jlab Epic Air Sport ANC
- Teufel Airy TWS 2
- MoerLabs EchoBeatz
- Xiaomi Redmi Buds 5 Pro
- earisMax Bluetooth Auracast Sender
ERNW emphasizes that this is only a partial list.
Sony WH-1000XM4/5/6
I don't have one of those, but they're pretty popular as headphones with good ANC.
Jlab Epic Air Sport ANC
I do have those, though.
Yeah. I have the previous version of the WH which seems not affected, but I also have the WF 3 which unfortunately seems to be.
Many people have sony headphones with thise chips.
Damn that's pretty big, hopefully they update and give a final list of affected devices. Not to mention, gotta pray the devices will see software updates to try and mitigate it.
According to the article, headphones using a Bluetooth SoC manufactured by Airoha may be vulnerable. So, need to find if your headphones use their SoC.
You will need to do some research on your headphones, I guess.