Flaws in how 17 models of headphones and speakers use Google’s one-tap Fast Pair Bluetooth protocol have left devices open to eavesdroppers and stalkers.
Link to see devices impacted: https://whisperpair.eu/
My wired headphones dont have this issue, likely sound far better, require no batteries, and are user serviceable.
Guys, we peaked in 2012 (potentially earlier) as a race technologically, stop trying to create new grifts for billionaires.
We all laughed at the time, but The Matrix was right - civilization peaked in 1999.
laughs in 3.5mm
Laughs in the archaic technology of the 3.5mm audio jack
All the more reason to use my IEMs… At least when I’m not flying.
Why can’t you use them flying?
I think some iems aren’t designed with pressure variations in mind.
They don’t have active noise cancelling.
get a brain like mine that automagically tunes out background noise or just shuts down hearing entirely when overstimulated :3
Pff, obviously you never heard of wiretapping…
Placing a bet now: under 10% of vulnerable units will be patched within a year’s time.
the rest of the 90% of the devices are probably broken since they are so cheaply made and designed to snap or have garbage batteries that can’t hold a charge for more then 20 minutes .
I like your optimism.
I am certain that my AliExpress headphones will get updates in the next few weeks!
deleted by creator
security researchers […] are revealing a collection of vulnerabilities they found in 17 audio accessories that use Google’s Fast Pair protocol and are sold by 10 different companies: Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google itself.
So like every brand besides Apple?
And Bose and Samsung and probably a couple more.
that was an interesting talk and demo
But you need to be in close proximity (~15m max) to stalk a victim? You might as well just follow them around physically then. Perhaps when the victim is in a private location, eavesdrop on their conversation or locating their position within there, might be a possibility. But ear raping would, of course, constitute the most significant danger of all. Also WhisperPair, not WhisPair?
If you want to listen to their mic via bluetooth or whatever, yes. But there’s also this:
Some devices also support Google’s Find Hub network. This enables users to find their lost accessories using crowdsourced location reports from other Android devices. However, if an accessory has never been paired with an Android device, an attacker can add the accessory using their own Google account. This allows the attacker to track the user via the compromised accessory.
That’s literally any device. Goes all the way back to things like people setting up routers and not changing the default password so anyone else can get in. That’s just user error plain and simple.
If the devices weren’t previously linked to a Google account … then a hacker could … also link it to their Google account.
This already severely limits the pool of potential victims; but still a more practical exploit indeed. It’s almost as if this BLE tracking is a feature, rather than an exploit. And if you want to be notified of a device following you around, one has to perpetually enable BLE on their smartphone. But of course, headphone jacks are a thing of the past, and wireless is clearly the future. :)
Nothing from Samsung in the list, now I don’t feel so bad about owning a Galaxy :D
