Zero-day: Bluetooth gap turns millions of headphones into listening stations
(www.heise.de)
from rodneyck@lemmy.dbzer0.com to technology@lemmy.world on 27 Jun 2025 17:40
https://lemmy.dbzer0.com/post/47752073
from rodneyck@lemmy.dbzer0.com to technology@lemmy.world on 27 Jun 2025 17:40
https://lemmy.dbzer0.com/post/47752073
The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.
threaded - newest
So how do you determine if your headphones have the vulnerable chip in them?
You will need to do some research on your headphones, I guess.
Source
I don’t have one of those, but they’re pretty popular as headphones with good ANC.
I do have those, though.
Yeah. I have the previous version of the WH which seems not affected, but I also have the WF 3 which unfortunately seems to be.
Many people have sony headphones with those chips.
Yeah, ive got a pair of the WF 3 too, now ive gotta be watching this…
Damn that’s pretty big, hopefully they update and give a final list of affected devices. Not to mention, gotta pray the devices will see software updates to try and mitigate it.
<img alt="wf-1000XM3 connected, playing Cissy Strut" src="https://lemmy.blahaj.zone/pictrs/image/d18608d6-3db7-4ed4-acb2-7d89400cc51e.webp">
Guess I’m lucky to have broken the mics on mine by accidentally throwing them in the wash?
According to the article, headphones using a Bluetooth SoC manufactured by Airoha may be vulnerable. So, need to find if your headphones use their SoC.
Every spy in my vicinity is going to be dancing to The Meters - Cissy Strut.
A fine choice though.
Shitty Beatles & the meters… I’ll follow you anywhere
Awwwwwwwwwwwwww YAH
Namana naanaa, bum darum du da… dadam da da!
And this is why people wanted headphone jacks… and also why corporations didn’t want them.
Exactly! So they can spy on us more!
No, the real reason is it saves a few pennies per phone. They can already spy on us through the internal mic.
It’s always about the money. Everyone else yelling about them spying, they’ll only do that if it makes them more money.
I mean, there were legitimate technical issues with the standard, especially on smartphones, which is where they really got pushed out. Most other devices do have headphones jacks. If I get a laptop, it’s probably got a headphones jack. Radios will have headphones jacks. Get a mixer, it’s got a headphones jack. I don’t think that the standard is going to vanish anytime soon in general.
I like headphones jacks. I have a ton of 1/8" and 1/4" devices and headphones that I happily use. But they weren’t doing it for no reason.
From what I’ve read, the big, driving one that drove them out on smartphones was that the jack just takes up a lot more physical space in the phone than USB-C or Bluetooth. I’d rather just have a thicker phone, but a lot of people wouldn’t, and if you’re going all over the phone trying to figure out what to eject to buy more space, that’s gonna be a big target. For people who do want a jack on smartphones, which invariably have USB-C, you can get a similar effect to having a headphones jack by just leaving a small USB-C audio interface with a headphones jack on the end of your headphones (one with a passthrough USB-C port if you also want to use the USB-C port for charging).
A second issue was that the standard didn’t have a way to provide power (there was a now-dead extension from many years back, IIRC for MD players, that let a small amount of power be provided with an extra ring). That didn’t matter for a long time, as long as your device could put out a strong enough signal to drive headphones of whatever impedance you had. But ANC has started to become popular now, and you need power for ANC. This is really the first time I think that there’s a solid reason to want to power headphones.
The connection got shorted when plugging things in and out, which could result in loud sound on the membrane.
USB-C is designed so that the springy tensioning stuff that’s there to keep the connection solid is on the (cheap, easy to replace) cord rather than the (expensive, hard to replace) device; I understand from past reading that this was a major reason that micro-USB replaced mini-USB. Instead of your device wearing out, the cord wears out. Not as much of an issue for headphones as mini-USB, but I think that it’s probably fair to say that it’s desirable to have the tensioning on the cord side.
On USB-C, the right part breaks. One irritation I have with USB-C is that it is…kind of flimsy. Like, it doesn’t require that much force pushing on a plug sideways to damage a plug. However — and I don’t know if this was a design goal for USB-C, though I suspect it was — my experience has been that if that happens, it’s the plug on the (cheap, easy to replace) cord that gets damaged, not the device. I have a television with a headphones jack that I destroyed by tripping over a headphones cord once, because the headphones jack was nice and durable and let me tear components inside the television off. I’ve damaged several USB-C cables, but I’ve never damaged the device they’re connected to while doing so.
On an interesting note, the standard is extremely old, probably one of the oldest data standards in general use today; the 1/4" mono standard was from phone switchboards in the 1800s.
EDIT: Also, one other perk of using USB-C instead of a built-in headphones jack on a smartphone is that if the DAC on your phone sucks, going the USB-C-audio-interface route means that you can use a different DAC. Can’t really change the internal DAC. I don’t know about other people, but last phone I had that did have an audio jack would let through a “wub wub wub” sound when I was charging it on USB off my car’s 12V cigarette lighter adapter — dirty power, but USB power is often really dirty. Was really obnoxious when feeding my car’s stereo via its AUX port. That’s very much avoidable for the manufacturer by putting some filtering on the DAC’s power supply, maybe needs a capacitor on the thing, but the phone manufacturer didn’t do it, maybe to save space or money. That’s not something that I can go fix. I eventually worked around it by getting a battery-powered Bluetooth receiver that had a 1/8" headphones jack, cutting the phone’s DAC out of the equation. The phone’s internal DAC worked fine when the phone wasn’t charging, but I wanted to have the phone plugged in for (battery hungry) navigation stuff when I was driving.
Great post, thank you.
A lot of great points here, I would be on aboard if phones therefore had two USB-C ports as standard
That’s great and all but I’m not switching to Bluetooth headphones and I’m definitely not going to fiddle around with dongles every time I switch between listening on my phone and my PC. Phones are gigantic anyways; let my have my headphone jack. I don’t think it’s a coincidence that all these smartphone manufacturers that ditched the old standard will happily sell you shiny expensive disposable wireless earbuds.
as someone has been fiddling with dongles for years, it’s not that bad, and you can just permanently connect your headphones to your dongle. the apple dongle is excellent and beyond enough for iems and a lot of headphones. I personally have one dongle + iems for my phone and another dongle + headphones for my PC, and that setup works really well for me. You might want to consider it. Otherwise, those big beefy Bluetooth headphones might be semi-repairable, and there are of course also Fairphone Bluetooth earbuds that are apparently fairly repairable (though I know nothing about those). At least you can replace the batteries and the ear tips or pads, and that’s usually enough to last you a decade with these things.
No. Fuck that. My PC has a headphone jack, and I use it. I don’t have a bunch of extra USB-C ports on the front of my computer. Modern phones have plenty of spaces for headphone jacks. They could put it there, they just don’t want to.
phones are already very full and dense, and a headphone jack is a very large component. plus, the Bluetooth is simply part of the small SoC, it’s a microscopic size. That doesn’t mean I prefer Bluetooth, but it makes some sense.
You sure?
vice.com/…/a-diy-hero-added-a-working-headphone-j…
I don’t buy that excuse in the slightest. Especially when Sony phones still have headphone jacks on their flagship phones too.
I used a USB connection through my KVM to connect to one computer or the next. But it’s just something to plug my headphones into the 3.5mm jack.
Since it never gets unplugged, it doesn’t get lost; unlike all those “just have this snowflake dongle in one of all of your stuff so it can get lost monthly and you can buy another” people.
Again: my startac 7800 had a jack and it was tiny. Apple and Samsung have NO EXCUSE.
I think this is a case where the corporations were telling people what they wanted rather than people really asking for thinner phones. Same thing with bezels, I don’t know anyone who asked for the screen to go all the way to the edge (or worse, curve around onto the sides). Apple and Samsung said ‘this is what people want’ when in fact it was what their marketing department wanted because they wouldn’t be able to sell the iGalaxy N+1 if it was slightly thicker or heavier than the iGalaxy N.
Fwiw, I want as much screen as possible. Why waste space?
.
Wouldn’t it be nice to have all that screen space and a headphone jack and higher capacity battery tho? You can have all that and more
I’m not saying to waste space… but when manufacturers start a pissing match among themselves and say that it’s because it’s what the customers want, we end up with shit. Why does anyone need a screen that curves around the edge of the phone? What purpose does this serve? Who actually asked for this?
I would give up some of my screen area to have forward facing speakers. I want a thicker phone that has better battery life. I also want to be able to swap out my battery. Oh, and I don’t want the entire thing encased in glass. If we’re so concerned about phone size then they should stop designing them so that a case is required.
Honestly I’d be happy with a phone sporting two USB C ports, one centered and one off to the side where the headphone jack used to be, both fully functional.
I know someone who works somewhat high up at Apple and he told me another reason was that they really wanted to improve the water proofing.
That’s just gaslighting. Other phones had audio jacks, water protection, and you didn’t have to hold them funny.
My bro is a huge apple kool-aid guy and he spouts their dogma word-for-word.
Yeah. One Samsung flagship phone (before they went down the Apple way) had headphone jack and stylus but still had better IP rating than iPhone.
What is ANC?
Active noise cancelling - noise cancelling that doesn’t just rely on making a seal between your ears and the earbuds/headphones.
As @papertowels@mander.xyz said.
en.wikipedia.org/wiki/Active_noise_control
Historically, if you were in a noisy environment, you could get closed-back, circumaural headphones — headphones that fit around your ears and had a lot of sound-absorption padding — to help soak up the sound. I still use decent non-ANC circumaural headphones at home.
There are also some people who are more-willing to tolerate discomfort than I am who get in-ear buds, which block noise in their ear canal, and on top of that, fit ear protectors intended for industrial use, like 3M X5 Peltor ear protectors, which have even more passive sound absorption stuff than current circumaural headphones do, and are even larger.
That sort of thing works well on higher frequency sound, but not as well on low-frequency stuff, like engine noise, large fans, stuff like that.
ANC basically has microphones in your headphones, picks up on what sounds are showing up at your ear, and then tries to compute and play back a sound that produces destructive interference at your ear. That is, if you look at the sound waves, where the environmental sound is low pressure, it plays back high pressure signal, and when the environmental sound is high pressure, it plays back low pressure signal. It’s not perfect, or it could make environmental sound totally inaudible. But high-end ANC headphones are pretty impressive these days. I have a pair of Sennheiser Momentum 4 headphones — good, though not the best ANC out there in 2025, and I don’t personally recommend these for other reasons — and when they kick on, the headphones are designed to have the ANC fade in; same thing happens in reverse, fades out when you flip the ANC off. It sounds almost as if fans and the like around you are powering up and down when that happens, very eerie if you’ve never experienced it before. Even the sounds that it doesn’t do so well on, like people talking, it significantly reduces in volume.
And ANC does best with the other side of the spectrum, the side that passive sound absorption doesn’t — the low-frequency stuff, especially regular sounds like fans. So having both a lot of passive sound absorption and ANC on a given pair of headphones let the two work well together.
People often use cell phones in noisy environments, with a lot of people around, and ANC makes it a lot easier to hear music or whatever without background sound interfering. I think that it’s very likely that people will, long term, mostly wind up using headphones with ANC (short of moving to something more elaborate like a direct brain interface or something). It’s not really all that important if you’re in a quiet environment, and I don’t bother using ANC headphones on my desktop at home. But if you’re in random environments — waiting a grocery store line, in a restaurant with music playing over the restaurant’s speakers, on an airplane with the drone of the airplane engines, whatever — it really helps to reduce that background sound. ANC isn’t that new. I think that I remember it mostly being billed as useful for airplane engine noise back when, which they’re a good fit for. But it’s gotten considerably better over the years. For me, in 2025, good ANC is something that I really want to have for smartphone use.
The problem is that in order to do ANC, you need at least a microphone, preferably an array, and somewhere you need to have a model of the sound transmission through the headphones and be running signal processing on the input sound to generate that output sound. In theory, you could do it on an attached computer if you had a fast data interface, but in practice, ANC-capable headphones are sold as self-contained units that handle all that themselves. So you gotta power the little computer in the headphones. That means that you probably have batteries and at least for full size headphones (rather than earbuds) you might as well stick a USB interface on them to charge them, even if the user is using Bluetooth for wireless connectivity. And if you’ve done that, it isn’t much more circuitry to just let the headphones act as USB headphones, so in general, ANC headphones tend to also be USB-capable. My Momentum 4 headphones have all of Bluetooth, USB-C, and a traditional headphones interface, but…I just haven’t really wound up using the headphones interface if I have the other options available on a given device. Might be convenient if I were using some device that only had headphones output. shrugs
Hum…
xatakaon.com/…/if-you-use-wired-headphones-youre-…
The only time a hacker is going to target you like this is if you’re an extremely high value target like a CEO or if you’re in the crosshairs of a nation-state. The average hacker isn’t going to waste this kind of effort to hack someone with $200 in their bank account and no power over anything or anyone.
.
Eh, you’re assigning an awful lot of malice with no real reason. A smartphone manufacturer already has access to the kind of data exposed in this attack, regardless of whether the headphones were hooked up with wires or bluetooth.
Samsung, Apple, Xaomi, Huwaei or whoever else doesn’t need some stupid BT vulnerability to know what attached devices like headphone are up too. They already have root level access to the phones hardware.
I’m not really sure that is the reason. I’m not saying I would put it past them, just that I really don’t think it’s necessary. Smart phone manufacturers have a million other ways they could spy on you if they wanted to. The U.S. Government already has the ability to know each and every thing you do on your phone, even if you never use Bluetooth. I think it’s greed pure and simple. It probably cost’s them a few pennies to add a physical jack and most people would lose their shit if a phone came out without Bluetooth capabilities, so they save those couple of pennies and put them into their greedy ass pockets.
That being said I have never bought a phone without one and never will as long as I have a choice. I do love my wireless headset though but I am also not too worried about being spied on (yet).
I’m 100% convinced that is why they stopped making batteries user replaceable though. In 2019 Edward Snowden did an interview with Wired magazine where he made the interviewer remove the battery from his phone as a condition of the interview. He explained that the U.S. Government can make it seem as if your device had been ‘powered down’ when in fact they can still listen to your conversations and transmit them back to the CIA or whatever other spooks that want to listen in. Shortly after than almost all manufactures stopped allowing you to remove the battery. Coincidence?
My current phone doesn’t have a removable battery, because I literally couldn’t find one in my price range that allowed you to do so.
The best advice if you don’t want to be spied on is not to use a smartphone altogether or just do whatever you want to be kept secret away from the phone at the very least. Buy a Faraday bag and keep your phone in there if that’s not an option.
Gonna set up my tablet to play Capital over bluetooth 24/7. Enjoy the theory skinwalkers
I guess they didn’t point this out because it’s kind of obvious, but it sounds like they also have to actually be on to be exploited. So it’s not going to turn on and start listening to you at least. Definitely concerning, but I’m still gonna be listening to my audio books and podcasts with my wireless headphones.
A speaker i have from bose is always on and “sleeping” and can be connected to from the phone no matter what i do, drains the fucking battery and when i want to use it finaly its dead… wouldnt be surprised if some headphones worked the same…
It sounds like they have some kind of wake function that it’s always listening for? I don’t think that’s a common feature in headphones just because of the battery drain, but they’re always chucking useless features on electronics so I’m sure some are floating around out there. I doubt it’s something you wouldn’t know about unless they were secondhand, though.
It’s BLE - Bluetooth Low Energy.
Basically devices with BLE can listen for a wake-up command and turn on, similar to the “magic packet” of wake on Ethernet.
Super convenient for “find my device” applications, also nice to be able to connect and activate the device without having to press a power button like a peasant.
It also means that most devices with BLE end up flat within a month. I had a speaker with BLE and had to deliberately download a much older version of the Android partner app to turn it off, as they dropped the option to do so in later versions for “convenience”. With BLE on it would be flat in about 6 weeks regardless of whether I’d used it or not , which really ruined ad-hoc usage for me.
A smart outlet (and running home assistant) will solve that problem.
There’s lots of money to be made by inserting a hardware back door in your product then later disclosing it as an unfixable vulnerability and force your customers to buy new hardware which has the same but different backdoor. Repeat.
Thanks, I hate it. Vulnerable to your competitor red teaming it tho…
This is why I chose to get a Corsair Virtuoso, which has a removable microphone.
I was hoping this would allow me to take over Bluetooth speakers that people use while skiing and replace their music with a PSA about how no one wants to hear their music
Most annoying people on the mountain
Or public transit. Or public parks. Or grocery stores.
Yesss. Find that sploit and please let it never be fixable. I didn’t download a copy of The Wheels On The Bus for nothing.
My Redmi buds 5 had a firmware update available for me in the app. It could be an older one though, their patch notes suck and don’t even say the date. v4.3.8.8
They said I was mad when they removed the headphone jack - well who’s mad now??! AHAHahahahaaaaaaahhhhcrap it’s me.
I’m still mad. Fuckers.
I had a neighbor about 6 years ago that blasted rap at full volume every evening.
rap booming in the background
one fine day
“hmmm, what were these headphones on bt again? wait… soundbar. I don’t have a soundbar.
hmmm, I wonder”
device paired
play
“I think I’ll go to the store for a while!”
Elastic would’ve been amazing (among other things, it has all songs on the album laid on top of another, playing simultaneously)
This one is great for destroying speakers: warning super loud (turn down your volume before playing) m.soundcloud.com/…/official-paul-walker-tribute-f…
Good Lord! Thank you for the warning! On lowest audible phone volume it blew me away lol
What is that and why does it exist??
The compressor and normalize sound effect applied over and over again. From the montageparody era.
I occasionally visit it to find my bluetooth earbuds.
My old FM BT transmitter that let me connect to my car had a surprising range, bout about a 100ft in every direction which as I understand it they aren’t supposed to be that strong. (Scosche brand from Best Buy)
Used to tune it to the popular country station and jam everyone around me from listening to that station, which made me happy. Couple times when there was a particularly loud or obnoxious driver…I definately didn’t blast porn hub with my stereo off in my car…
Tangent.
One of my last concerts I went to was Meshuggah
Had a great time.
Wired headphones stay winning
… and this is why I don’t use bluetooth on anything.
I never have it enabled unless I am in the car driving and need driving directions or listening to music/podcasts. I prefer wired headphones, but manufacturers are making that difficult.
Because they can’t sell you more Bluetooth crap if they give you a choice.
Stop buying no-Jack phones.
Alright now how do I test this out
What is that site asking me to agree to? No thanks
GDPR. First time opening a European website? German ones like this are particularly transparent (by law, not choice).
US websites don’t even ask, they just do it behind your back.
The site wants to share info with advertisers. I found this to be refreshingly honest.
Anyway, can we get an archive link?
It’s strange to think about how complicit the public has become with this. You mean to tell me that 185 separate connections to other companies are required for me to… read an article?
Well yeah, they have to hoard your advertising data somehow. How else can they advertise things that you don’t need to buy?
Instead of hacking Bluetooth, sounds more effective to be an “advertising partner”.
You can get/make your own archive link by going to archive.ph and entering the article’s URL.
Here’s the link for this one: archive.ph/wUAQn
Thanks!
.
Sounds like the attack scenario is very sophisticated and targeted, and only works within the range of Bluetooth low energy (BLE) connectivity, so 10-15 meters under best circumstances. At that point they might as well eavesdrop on my calls in person.
Directional antennas exist and are very inexpensive
Honey i got to go there is a man outside our window with a lapton and an radio antenna "Ignore the man outside your window and just read off your credit card number
10-15 meters might be good enough to conduct the attack from a neighboring office or apartment, while actual eavesdropping is not so easy.
I think BLE is only required for the initial compromise (extracting the pairing key). After that the attack can be performed over classic BT, and can impersonate either part (headphones or phone) to the other.
It’s still very targeted and sophisticated, so no reason to panic unless you have reasons to think someone with the resources could target you.
Regarding the attacks, they go way beyond eavesdropping calls, since BT headphones usually have access to contacts and smart assistants, that you can use to extract a lot more information
You can get/make your own archive link by going to archive.ph and entering the article’s URL.
Here’s the link for this one: archive.ph/wUAQn
Archive link: archive.ph/wUAQn
So glad I use wired earbuds and refused to buy a phone that didn’t support them.
Same. I can’t find any Bluetooth headphones whose batteries don’t die in 4 or 5 months anyway. Meanwhile my Moondrop wired headphones have been going strong for almost 3 years.
My sony earbuds lasted 5 years before I decided to replace the batteries in them, which cost me $20 and 30 min. I would hope other earbuds wouldnt die in only half a year
To be fair I kept buying models that cost $20 to $30 so maybe the higher end ones would last longer. That said, my Moondrops wired headphones cost the same but are way more reliable.
Which ones? I have 1004, they got fucked in the washer
Mine are the WF1000XM3
I still have never heard noise cancellation as good as those ones. I have a couple other pairs of earbuds as well, one set for side sleeping, and one set for water. I like to listen to audiobooks in the shower and the IPX7 ones have held up great
I want exactly this set up. I need different ones for bedtime, swimming and everyday wear
Well, I can recommend the soundcore anker life A1 earbuds for swimming, and the soundcore sleep A20 for low profile earbuds that dont stick out of your ear. Went through atleast 4 sets (wired and wireless) of earbuds for each until settling on these.
Just FYI, I would imagine anker have plenty of exploits but I appreiate the recommendations.
Got a a pair of sennheisers old enough to vote
LOL at the big debate I read just yesterday about how better wireless headphones are, and how useless jacks on phones are nowadays...
I will never tire of pasting this:
…tumblr.com/…/tech-enthusiasts-everything-in-my-h…
That person is being needlessly cautious.
- joke punchline -
A good swing with a steel baseball bat is enough to deal with a printer from 2004.
Unchecked consumer-grade RF signals that are broadcast in every direction are insecure??
Color me shocked!
Well, if these devices required any sort of authentication (e.g. pairing) to free access to their ram and flash, we wouldn’t be having this particular story…
Hah, jokes on them, I managed to fuck my earbuds’ microphones so they’re useless now.
I am the sweaty balls man and this happens often
Why are your earbuds… in your pants
my balls and my ears sweat at the same time
Oh, fair enough then
Gotta feel the bass
You did WHAT with them?
They don’t GO there…
Yep I only use wired…
downvoted for that website’s super illegal “pay us to not track you” policy
Not all sites charge - yet.
I think that’s explicitly forbidden by the EU, and it’s a German domain.
I hate that. I’m looking at you Healthline. I hate that it’s always so high in the results.
This really makes me hate that we don’t have headphone jack anymore
Not on flagships.
Sent from my Redmi Note 11S 5G.
You have a Redmi, you don’t get an in here
🤣🤣🤣
Ive always hated phones without the 3.5mm and won’t stop even if all phone manufacturers remove it
At least you can still get adapters for phones that don’t have it :)
Indeed, I don’t really see the problem. Instead of a single use port you have a practically universal port. That’s better, surely.
Yeah but it was never a matter of "insTeAD Of," it's in addition to, meaning you get to use the same favourite set of headpdones you use with literally every other device while keeping the practically universal port free for other purposes at the same time!!!! 🤯🤯🤯
Now isn't that wizard?
You can still do that with an adapter though?
Now here's the amazing bit: imagine being able to do that without needing to carry an additional thing around.
I guess I’m used to it. Besides, imagine not using a cable at all–even better?
I can insert a cable faster into my phone than most Bluetooth headphones connect. Audio quality also tends to be better with wired headphones and uses less of the battery power. A lot of the times a dedicated single use port is much better than a jack of all trades port.
3.5mm is by far the better option for literally every reason headphones are designed for
the only argument is when exercising, some people prefer to use wireless for the kinda of workouts they do
Imagine how much data could be collected from, say, a busy gym full of people with wireless headphones, or a hotel lobby