Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
Editorials & Other Articles
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
You Need to Check Your Wireless Headphones for Updates, Right Now (Gizmodo) [View all]
https://gizmodo.com/you-need-to-check-your-wireless-headphones-for-updates-right-now-2000710714Hundreds of millions of wireless headphones, earbuds, and speakers utilize Google’s Fast Pair, a protocol that allows one-tap pairing between Bluetooth accessories and your device. But many of these products have not implemented the Fast Pair technology correctly, a group of researchers from Belgium’s KU Leuven University found, making your wireless device vulnerable to attacks.
By using the Bluetooth vulnerability, attackers can gain complete control of your device, use your microphone to spy on your conversations, or even track your location via Google’s Find Hub network. The attacker only needs to be within a 14-meter (aka roughly 46 feet) radius for the attack the researchers have dubbed “WhisperPair” to succeed in a matter of seconds.
Here’s where the Fast Pairing goes wrong. Normally, your device should disregard pairing requests if it’s not in pairing mode. But many devices fail to enforce that check, the researchers say, allowing unauthorized devices to start the pairing process and finish it by a simple regular Bluetooth pairing.
For location tracking, the attackers can make use of Google’s Find Hub network, which would normally allow Android devices to track lost accessories via crowdsourced location reports. But you’re still vulnerable to tracking even if you have never owned an Android device, because the attacker can add the compromised accessory to the Find Hub network themselves using their own Google account.
-snip-
By using the Bluetooth vulnerability, attackers can gain complete control of your device, use your microphone to spy on your conversations, or even track your location via Google’s Find Hub network. The attacker only needs to be within a 14-meter (aka roughly 46 feet) radius for the attack the researchers have dubbed “WhisperPair” to succeed in a matter of seconds.
Here’s where the Fast Pairing goes wrong. Normally, your device should disregard pairing requests if it’s not in pairing mode. But many devices fail to enforce that check, the researchers say, allowing unauthorized devices to start the pairing process and finish it by a simple regular Bluetooth pairing.
For location tracking, the attackers can make use of Google’s Find Hub network, which would normally allow Android devices to track lost accessories via crowdsourced location reports. But you’re still vulnerable to tracking even if you have never owned an Android device, because the attacker can add the compromised accessory to the Find Hub network themselves using their own Google account.
-snip-
Much more at the link, including how to fix this, plus a couple of paragraphs on Kamala Harris warning that wireless earbuds aren't secure.
7 replies
= new reply since forum marked as read
= new reply since forum marked as read