Zero-day: Bluetooth gap turns millions of headphones into listening stations (www.heise.de)
from rodneyck@lemmy.dbzer0.com to technology@lemmy.world on 27 Jun 17:40
https://lemmy.dbzer0.com/post/47752073

The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

Source

#technology

threaded - newest

cmnybo@discuss.tchncs.de on 27 Jun 17:45 next collapse

So how do you determine if your headphones have the vulnerable chip in them?

rodneyck@lemmy.dbzer0.com on 27 Jun 17:53 next collapse

You will need to do some research on your headphones, I guess.

Almonds@mander.xyz on 27 Jun 18:06 next collapse

The flaws, discovered by German cybersecurity firm ERNW and first reported by Heise Online, affect dozens of headphone models from brands such as Sony, JBL, Bose, and Marshall, with no comprehensive firmware fixes available yet.

  • Sony WH-1000XM4/5/6, WF-1000XM3/4/5, LinkBuds S, ULT Wear, CH-720N, C500, C510-GFP, XB910N
  • Marshall ACTON III, MAJOR V, MINOR IV, MOTIF II, STANMORE III, WOBURN III
  • JBL Live Buds 3, Endurance Race 2
  • Jabra Elite 8 Active
  • Bose QuietComfort Earbuds
  • Beyerdynamic Amiron 300
  • Jlab Epic Air Sport ANC
  • Teufel Airy TWS 2
  • MoerLabs EchoBeatz
  • Xiaomi Redmi Buds 5 Pro
  • earisMax Bluetooth Auracast Sender

ERNW emphasizes that this is only a partial list.

Source

tal@lemmy.today on 27 Jun 18:23 next collapse

Sony WH-1000XM4/5/6

I don’t have one of those, but they’re pretty popular as headphones with good ANC.

Jlab Epic Air Sport ANC

I do have those, though.

devfuuu@lemmy.world on 27 Jun 19:08 collapse

Yeah. I have the previous version of the WH which seems not affected, but I also have the WF 3 which unfortunately seems to be.

Many people have sony headphones with those chips.

Zorsith@lemmy.blahaj.zone on 30 Jun 05:57 collapse

Yeah, ive got a pair of the WF 3 too, now ive gotta be watching this…

OberonSwanson@sh.itjust.works on 27 Jun 19:01 next collapse

Damn that’s pretty big, hopefully they update and give a final list of affected devices. Not to mention, gotta pray the devices will see software updates to try and mitigate it.

VeganCheesecake@lemmy.blahaj.zone on 29 Jun 11:10 collapse

<img alt="wf-1000XM3 connected, playing Cissy Strut" src="https://lemmy.blahaj.zone/pictrs/image/d18608d6-3db7-4ed4-acb2-7d89400cc51e.webp">

Guess I’m lucky to have broken the mics on mine by accidentally throwing them in the wash?

hendu@lemmy.dbzer0.com on 27 Jun 18:09 collapse

According to the article, headphones using a Bluetooth SoC manufactured by Airoha may be vulnerable. So, need to find if your headphones use their SoC.

ShittyBeatlesFCPres@lemmy.world on 27 Jun 18:05 next collapse

Every spy in my vicinity is going to be dancing to The Meters - Cissy Strut.

just_another_person@lemmy.world on 27 Jun 18:29 next collapse

A fine choice though.

motor_spirit@lemmy.world on 27 Jun 20:14 next collapse

Shitty Beatles & the meters… I’ll follow you anywhere

homesweethomeMrL@lemmy.world on 27 Jun 20:19 collapse

Awwwwwwwwwwwwww YAH

littleomid@feddit.org on 28 Jun 10:00 collapse

Namana naanaa, bum darum du da… dadam da da!

SnotFlickerman@lemmy.blahaj.zone on 27 Jun 18:07 next collapse

And this is why people wanted headphone jacks… and also why corporations didn’t want them.

BubblyRomeo@kbin.earth on 27 Jun 18:10 next collapse

and also why corporations didn't want them.

Exactly! So they can spy on us more!

entwine413@lemm.ee on 27 Jun 19:33 collapse

No, the real reason is it saves a few pennies per phone. They can already spy on us through the internal mic.

QuarterSwede@lemmy.world on 28 Jun 02:59 collapse

It’s always about the money. Everyone else yelling about them spying, they’ll only do that if it makes them more money.

tal@lemmy.today on 27 Jun 18:45 next collapse

I mean, there were legitimate technical issues with the standard, especially on smartphones, which is where they really got pushed out. Most other devices do have headphones jacks. If I get a laptop, it’s probably got a headphones jack. Radios will have headphones jacks. Get a mixer, it’s got a headphones jack. I don’t think that the standard is going to vanish anytime soon in general.

I like headphones jacks. I have a ton of 1/8" and 1/4" devices and headphones that I happily use. But they weren’t doing it for no reason.

  • From what I’ve read, the big, driving one that drove them out on smartphones was that the jack just takes up a lot more physical space in the phone than USB-C or Bluetooth. I’d rather just have a thicker phone, but a lot of people wouldn’t, and if you’re going all over the phone trying to figure out what to eject to buy more space, that’s gonna be a big target. For people who do want a jack on smartphones, which invariably have USB-C, you can get a similar effect to having a headphones jack by just leaving a small USB-C audio interface with a headphones jack on the end of your headphones (one with a passthrough USB-C port if you also want to use the USB-C port for charging).

  • A second issue was that the standard didn’t have a way to provide power (there was a now-dead extension from many years back, IIRC for MD players, that let a small amount of power be provided with an extra ring). That didn’t matter for a long time, as long as your device could put out a strong enough signal to drive headphones of whatever impedance you had. But ANC has started to become popular now, and you need power for ANC. This is really the first time I think that there’s a solid reason to want to power headphones.

  • The connection got shorted when plugging things in and out, which could result in loud sound on the membrane.

  • USB-C is designed so that the springy tensioning stuff that’s there to keep the connection solid is on the (cheap, easy to replace) cord rather than the (expensive, hard to replace) device; I understand from past reading that this was a major reason that micro-USB replaced mini-USB. Instead of your device wearing out, the cord wears out. Not as much of an issue for headphones as mini-USB, but I think that it’s probably fair to say that it’s desirable to have the tensioning on the cord side.

  • On USB-C, the right part breaks. One irritation I have with USB-C is that it is…kind of flimsy. Like, it doesn’t require that much force pushing on a plug sideways to damage a plug. However — and I don’t know if this was a design goal for USB-C, though I suspect it was — my experience has been that if that happens, it’s the plug on the (cheap, easy to replace) cord that gets damaged, not the device. I have a television with a headphones jack that I destroyed by tripping over a headphones cord once, because the headphones jack was nice and durable and let me tear components inside the television off. I’ve damaged several USB-C cables, but I’ve never damaged the device they’re connected to while doing so.

On an interesting note, the standard is extremely old, probably one of the oldest data standards in general use today; the 1/4" mono standard was from phone switchboards in the 1800s.

EDIT: Also, one other perk of using USB-C instead of a built-in headphones jack on a smartphone is that if the DAC on your phone sucks, going the USB-C-audio-interface route means that you can use a different DAC. Can’t really change the internal DAC. I don’t know about other people, but last phone I had that did have an audio jack would let through a “wub wub wub” sound when I was charging it on USB off my car’s 12V cigarette lighter adapter — dirty power, but USB power is often really dirty. Was really obnoxious when feeding my car’s stereo via its AUX port. That’s very much avoidable for the manufacturer by putting some filtering on the DAC’s power supply, maybe needs a capacitor on the thing, but the phone manufacturer didn’t do it, maybe to save space or money. That’s not something that I can go fix. I eventually worked around it by getting a battery-powered Bluetooth receiver that had a 1/8" headphones jack, cutting the phone’s DAC out of the equation. The phone’s internal DAC worked fine when the phone wasn’t charging, but I wanted to have the phone plugged in for (battery hungry) navigation stuff when I was driving.

jonathan@lemmy.zip on 27 Jun 19:08 next collapse

Great post, thank you.

wingsfortheirsmiles@feddit.uk on 27 Jun 19:34 next collapse

A lot of great points here, I would be on aboard if phones therefore had two USB-C ports as standard

Unboxious@ani.social on 27 Jun 20:05 next collapse

That’s great and all but I’m not switching to Bluetooth headphones and I’m definitely not going to fiddle around with dongles every time I switch between listening on my phone and my PC. Phones are gigantic anyways; let my have my headphone jack. I don’t think it’s a coincidence that all these smartphone manufacturers that ditched the old standard will happily sell you shiny expensive disposable wireless earbuds.

baguettefish@discuss.tchncs.de on 27 Jun 20:48 collapse

as someone has been fiddling with dongles for years, it’s not that bad, and you can just permanently connect your headphones to your dongle. the apple dongle is excellent and beyond enough for iems and a lot of headphones. I personally have one dongle + iems for my phone and another dongle + headphones for my PC, and that setup works really well for me. You might want to consider it. Otherwise, those big beefy Bluetooth headphones might be semi-repairable, and there are of course also Fairphone Bluetooth earbuds that are apparently fairly repairable (though I know nothing about those). At least you can replace the batteries and the ear tips or pads, and that’s usually enough to last you a decade with these things.

Unboxious@ani.social on 27 Jun 21:07 collapse

you can just permanently connect your headphones to your dongle

No. Fuck that. My PC has a headphone jack, and I use it. I don’t have a bunch of extra USB-C ports on the front of my computer. Modern phones have plenty of spaces for headphone jacks. They could put it there, they just don’t want to.

baguettefish@discuss.tchncs.de on 27 Jun 21:32 next collapse

phones are already very full and dense, and a headphone jack is a very large component. plus, the Bluetooth is simply part of the small SoC, it’s a microscopic size. That doesn’t mean I prefer Bluetooth, but it makes some sense.

TheBat@lemmy.world on 28 Jun 04:08 collapse

You sure?

vice.com/…/a-diy-hero-added-a-working-headphone-j…

I don’t buy that excuse in the slightest. Especially when Sony phones still have headphone jacks on their flagship phones too.

corsicanguppy@lemmy.ca on 28 Jun 00:29 collapse

I used a USB connection through my KVM to connect to one computer or the next. But it’s just something to plug my headphones into the 3.5mm jack.

Since it never gets unplugged, it doesn’t get lost; unlike all those “just have this snowflake dongle in one of all of your stuff so it can get lost monthly and you can buy another” people.

Again: my startac 7800 had a jack and it was tiny. Apple and Samsung have NO EXCUSE.

Bob_Robertson_IX@discuss.tchncs.de on 27 Jun 20:06 next collapse

I’d rather just have a thicker phone, but a lot of people wouldn’t

I think this is a case where the corporations were telling people what they wanted rather than people really asking for thinner phones. Same thing with bezels, I don’t know anyone who asked for the screen to go all the way to the edge (or worse, curve around onto the sides). Apple and Samsung said ‘this is what people want’ when in fact it was what their marketing department wanted because they wouldn’t be able to sell the iGalaxy N+1 if it was slightly thicker or heavier than the iGalaxy N.

red_bull_of_juarez@lemmy.dbzer0.com on 30 Jun 05:25 collapse

Fwiw, I want as much screen as possible. Why waste space?

[deleted] on 30 Jun 15:31 next collapse

.

ieatpwns@lemmy.world on 30 Jun 15:31 next collapse

Wouldn’t it be nice to have all that screen space and a headphone jack and higher capacity battery tho? You can have all that and more

Bob_Robertson_IX@discuss.tchncs.de on 30 Jun 19:11 collapse

I’m not saying to waste space… but when manufacturers start a pissing match among themselves and say that it’s because it’s what the customers want, we end up with shit. Why does anyone need a screen that curves around the edge of the phone? What purpose does this serve? Who actually asked for this?

I would give up some of my screen area to have forward facing speakers. I want a thicker phone that has better battery life. I also want to be able to swap out my battery. Oh, and I don’t want the entire thing encased in glass. If we’re so concerned about phone size then they should stop designing them so that a case is required.

isVeryLoud@lemmy.ca on 27 Jun 23:10 next collapse

Honestly I’d be happy with a phone sporting two USB C ports, one centered and one off to the side where the headphone jack used to be, both fully functional.

gloktawasright@lemm.ee on 27 Jun 23:55 next collapse

I know someone who works somewhat high up at Apple and he told me another reason was that they really wanted to improve the water proofing.

corsicanguppy@lemmy.ca on 28 Jun 00:24 collapse

That’s just gaslighting. Other phones had audio jacks, water protection, and you didn’t have to hold them funny.

My bro is a huge apple kool-aid guy and he spouts their dogma word-for-word.

TheBat@lemmy.world on 28 Jun 03:59 collapse

Yeah. One Samsung flagship phone (before they went down the Apple way) had headphone jack and stylus but still had better IP rating than iPhone.

sem@lemmy.blahaj.zone on 30 Jun 02:50 collapse

What is ANC?

papertowels@mander.xyz on 30 Jun 04:04 next collapse

Active noise cancelling - noise cancelling that doesn’t just rely on making a seal between your ears and the earbuds/headphones.

tal@lemmy.today on 30 Jun 09:03 collapse

As @papertowels@mander.xyz said.

en.wikipedia.org/wiki/Active_noise_control

Historically, if you were in a noisy environment, you could get closed-back, circumaural headphones — headphones that fit around your ears and had a lot of sound-absorption padding — to help soak up the sound. I still use decent non-ANC circumaural headphones at home.

There are also some people who are more-willing to tolerate discomfort than I am who get in-ear buds, which block noise in their ear canal, and on top of that, fit ear protectors intended for industrial use, like 3M X5 Peltor ear protectors, which have even more passive sound absorption stuff than current circumaural headphones do, and are even larger.

That sort of thing works well on higher frequency sound, but not as well on low-frequency stuff, like engine noise, large fans, stuff like that.

ANC basically has microphones in your headphones, picks up on what sounds are showing up at your ear, and then tries to compute and play back a sound that produces destructive interference at your ear. That is, if you look at the sound waves, where the environmental sound is low pressure, it plays back high pressure signal, and when the environmental sound is high pressure, it plays back low pressure signal. It’s not perfect, or it could make environmental sound totally inaudible. But high-end ANC headphones are pretty impressive these days. I have a pair of Sennheiser Momentum 4 headphones — good, though not the best ANC out there in 2025, and I don’t personally recommend these for other reasons — and when they kick on, the headphones are designed to have the ANC fade in; same thing happens in reverse, fades out when you flip the ANC off. It sounds almost as if fans and the like around you are powering up and down when that happens, very eerie if you’ve never experienced it before. Even the sounds that it doesn’t do so well on, like people talking, it significantly reduces in volume.

And ANC does best with the other side of the spectrum, the side that passive sound absorption doesn’t — the low-frequency stuff, especially regular sounds like fans. So having both a lot of passive sound absorption and ANC on a given pair of headphones let the two work well together.

People often use cell phones in noisy environments, with a lot of people around, and ANC makes it a lot easier to hear music or whatever without background sound interfering. I think that it’s very likely that people will, long term, mostly wind up using headphones with ANC (short of moving to something more elaborate like a direct brain interface or something). It’s not really all that important if you’re in a quiet environment, and I don’t bother using ANC headphones on my desktop at home. But if you’re in random environments — waiting a grocery store line, in a restaurant with music playing over the restaurant’s speakers, on an airplane with the drone of the airplane engines, whatever — it really helps to reduce that background sound. ANC isn’t that new. I think that I remember it mostly being billed as useful for airplane engine noise back when, which they’re a good fit for. But it’s gotten considerably better over the years. For me, in 2025, good ANC is something that I really want to have for smartphone use.

The problem is that in order to do ANC, you need at least a microphone, preferably an array, and somewhere you need to have a model of the sound transmission through the headphones and be running signal processing on the input sound to generate that output sound. In theory, you could do it on an attached computer if you had a fast data interface, but in practice, ANC-capable headphones are sold as self-contained units that handle all that themselves. So you gotta power the little computer in the headphones. That means that you probably have batteries and at least for full size headphones (rather than earbuds) you might as well stick a USB interface on them to charge them, even if the user is using Bluetooth for wireless connectivity. And if you’ve done that, it isn’t much more circuitry to just let the headphones act as USB headphones, so in general, ANC headphones tend to also be USB-capable. My Momentum 4 headphones have all of Bluetooth, USB-C, and a traditional headphones interface, but…I just haven’t really wound up using the headphones interface if I have the other options available on a given device. Might be convenient if I were using some device that only had headphones output. shrugs

Dremor@lemmy.world on 27 Jun 18:53 next collapse

Hum…

xatakaon.com/…/if-you-use-wired-headphones-youre-…

SnotFlickerman@lemmy.blahaj.zone on 27 Jun 19:23 next collapse

The only time a hacker is going to target you like this is if you’re an extremely high value target like a CEO or if you’re in the crosshairs of a nation-state. The average hacker isn’t going to waste this kind of effort to hack someone with $200 in their bank account and no power over anything or anyone.

[deleted] on 27 Jun 19:27 collapse

.

Buelldozer@lemmy.today on 27 Jun 21:46 next collapse

Eh, you’re assigning an awful lot of malice with no real reason. A smartphone manufacturer already has access to the kind of data exposed in this attack, regardless of whether the headphones were hooked up with wires or bluetooth.

Samsung, Apple, Xaomi, Huwaei or whoever else doesn’t need some stupid BT vulnerability to know what attached devices like headphone are up too. They already have root level access to the phones hardware.

Wolf@lemmy.today on 27 Jun 23:47 collapse

I’m not really sure that is the reason. I’m not saying I would put it past them, just that I really don’t think it’s necessary. Smart phone manufacturers have a million other ways they could spy on you if they wanted to. The U.S. Government already has the ability to know each and every thing you do on your phone, even if you never use Bluetooth. I think it’s greed pure and simple. It probably cost’s them a few pennies to add a physical jack and most people would lose their shit if a phone came out without Bluetooth capabilities, so they save those couple of pennies and put them into their greedy ass pockets.

That being said I have never bought a phone without one and never will as long as I have a choice. I do love my wireless headset though but I am also not too worried about being spied on (yet).

I’m 100% convinced that is why they stopped making batteries user replaceable though. In 2019 Edward Snowden did an interview with Wired magazine where he made the interviewer remove the battery from his phone as a condition of the interview. He explained that the U.S. Government can make it seem as if your device had been ‘powered down’ when in fact they can still listen to your conversations and transmit them back to the CIA or whatever other spooks that want to listen in. Shortly after than almost all manufactures stopped allowing you to remove the battery. Coincidence?

My current phone doesn’t have a removable battery, because I literally couldn’t find one in my price range that allowed you to do so.

The best advice if you don’t want to be spied on is not to use a smartphone altogether or just do whatever you want to be kept secret away from the phone at the very least. Buy a Faraday bag and keep your phone in there if that’s not an option.

ashenone@lemmy.ml on 27 Jun 18:19 next collapse

Gonna set up my tablet to play Capital over bluetooth 24/7. Enjoy the theory skinwalkers

Catoblepas@piefed.blahaj.zone on 27 Jun 18:34 next collapse

Even if these attacks seem frightening on paper, the ERNW researchers are reassuring: many conditions must be met to carry out an eavesdropping attack. First and foremost, the attacker(s) must be within range of the Bluetooth short-range radio; an attack via the Internet is not possible. They must also carry out several technical steps without attracting attention. And they must have a reason to eavesdrop on the Bluetooth connection, which, according to the discoverers, is only conceivable for a few target people. For example, celebrities, journalists or diplomats, but also political dissidents and employees in security-critical companies are possible targets.

I guess they didn’t point this out because it’s kind of obvious, but it sounds like they also have to actually be on to be exploited. So it’s not going to turn on and start listening to you at least. Definitely concerning, but I’m still gonna be listening to my audio books and podcasts with my wireless headphones.

Goretantath@lemmy.world on 27 Jun 18:47 collapse

A speaker i have from bose is always on and “sleeping” and can be connected to from the phone no matter what i do, drains the fucking battery and when i want to use it finaly its dead… wouldnt be surprised if some headphones worked the same…

Catoblepas@piefed.blahaj.zone on 27 Jun 18:52 next collapse

It sounds like they have some kind of wake function that it’s always listening for? I don’t think that’s a common feature in headphones just because of the battery drain, but they’re always chucking useless features on electronics so I’m sure some are floating around out there. I doubt it’s something you wouldn’t know about unless they were secondhand, though.

dgriffith@aussie.zone on 27 Jun 19:42 collapse

It’s BLE - Bluetooth Low Energy.

Basically devices with BLE can listen for a wake-up command and turn on, similar to the “magic packet” of wake on Ethernet.

Super convenient for “find my device” applications, also nice to be able to connect and activate the device without having to press a power button like a peasant.

It also means that most devices with BLE end up flat within a month. I had a speaker with BLE and had to deliberately download a much older version of the Android partner app to turn it off, as they dropped the option to do so in later versions for “convenience”. With BLE on it would be flat in about 6 weeks regardless of whether I’d used it or not , which really ruined ad-hoc usage for me.

entwine413@lemm.ee on 27 Jun 19:35 collapse

A smart outlet (and running home assistant) will solve that problem.

joyjoy@lemmy.zip on 27 Jun 18:40 next collapse

There’s lots of money to be made by inserting a hardware back door in your product then later disclosing it as an unfixable vulnerability and force your customers to buy new hardware which has the same but different backdoor. Repeat.

MalReynolds@aussie.zone on 27 Jun 22:26 collapse

Thanks, I hate it. Vulnerable to your competitor red teaming it tho…

ter_maxima@jlai.lu on 27 Jun 18:54 next collapse

This is why I chose to get a Corsair Virtuoso, which has a removable microphone.

turkalino@lemmy.yachts on 27 Jun 19:24 next collapse

I was hoping this would allow me to take over Bluetooth speakers that people use while skiing and replace their music with a PSA about how no one wants to hear their music

Most annoying people on the mountain

doc@fedia.io on 27 Jun 19:46 collapse

Or public transit. Or public parks. Or grocery stores.

corsicanguppy@lemmy.ca on 28 Jun 00:32 collapse

Yesss. Find that sploit and please let it never be fixable. I didn’t download a copy of The Wheels On The Bus for nothing.

testuserpleaseupvote@lemmy.world on 27 Jun 20:03 next collapse

My Redmi buds 5 had a firmware update available for me in the app. It could be an older one though, their patch notes suck and don’t even say the date. v4.3.8.8

homesweethomeMrL@lemmy.world on 27 Jun 20:22 next collapse

They said I was mad when they removed the headphone jack - well who’s mad now??! AHAHahahahaaaaaaahhhhcrap it’s me.

I’m still mad. Fuckers.

Vanilla_PuddinFudge@infosec.pub on 27 Jun 20:24 next collapse

I had a neighbor about 6 years ago that blasted rap at full volume every evening.

rap booming in the background

one fine day

“hmmm, what were these headphones on bt again? wait… soundbar. I don’t have a soundbar.

hmmm, I wonder”

device paired

Jellyfin>Artists>… Meshuggah

Obzen

Combustion

play

Volume 100%

“I think I’ll go to the store for a while!”

Mbourgon@lemmy.world on 27 Jun 20:32 next collapse

Elastic would’ve been amazing (among other things, it has all songs on the album laid on top of another, playing simultaneously)

IndustryStandard@lemmy.world on 27 Jun 20:42 collapse

This one is great for destroying speakers: warning super loud (turn down your volume before playing) m.soundcloud.com/…/official-paul-walker-tribute-f…

Krudler@lemmy.world on 28 Jun 02:34 collapse

Good Lord! Thank you for the warning! On lowest audible phone volume it blew me away lol

What is that and why does it exist??

IndustryStandard@lemmy.world on 28 Jun 08:32 collapse

The compressor and normalize sound effect applied over and over again. From the montageparody era.

I occasionally visit it to find my bluetooth earbuds.

Jarix@lemmy.world on 28 Jun 05:07 collapse

My old FM BT transmitter that let me connect to my car had a surprising range, bout about a 100ft in every direction which as I understand it they aren’t supposed to be that strong. (Scosche brand from Best Buy)

Used to tune it to the popular country station and jam everyone around me from listening to that station, which made me happy. Couple times when there was a particularly loud or obnoxious driver…I definately didn’t blast porn hub with my stereo off in my car…

Tangent.

One of my last concerts I went to was Meshuggah

Had a great time.

sharkfucker420@lemmy.ml on 27 Jun 20:49 next collapse

Wired headphones stay winning

sp3ctr4l@lemmy.dbzer0.com on 27 Jun 21:47 next collapse

… and this is why I don’t use bluetooth on anything.

rodneyck@lemmy.dbzer0.com on 27 Jun 21:50 collapse

I never have it enabled unless I am in the car driving and need driving directions or listening to music/podcasts. I prefer wired headphones, but manufacturers are making that difficult.

corsicanguppy@lemmy.ca on 27 Jun 23:58 collapse

Because they can’t sell you more Bluetooth crap if they give you a choice.

Stop buying no-Jack phones.

pineapplelover@lemm.ee on 27 Jun 22:04 next collapse

Alright now how do I test this out

PattyMcB@lemmy.world on 27 Jun 22:12 next collapse

What is that site asking me to agree to? No thanks

viking@infosec.pub on 28 Jun 00:08 next collapse

GDPR. First time opening a European website? German ones like this are particularly transparent (by law, not choice).

InFerNo@lemmy.ml on 28 Jun 21:34 collapse

US websites don’t even ask, they just do it behind your back.

MNByChoice@midwest.social on 27 Jun 23:47 next collapse

The site wants to share info with advertisers. I found this to be refreshingly honest.

We and our up to 185 partners use cookies and tracking technologies. Some cookies and data processing are technically necessary, others help us to improve our offer and operate it economically…

Anyway, can we get an archive link?

trashboat@midwest.social on 28 Jun 00:21 next collapse

It’s strange to think about how complicit the public has become with this. You mean to tell me that 185 separate connections to other companies are required for me to… read an article?

ipkpjersi@lemmy.ml on 28 Jun 00:25 collapse

Well yeah, they have to hoard your advertising data somehow. How else can they advertise things that you don’t need to buy?

Lumisal@lemmy.world on 28 Jun 00:45 next collapse

Instead of hacking Bluetooth, sounds more effective to be an “advertising partner”.

SoleInvictus@lemmy.blahaj.zone on 28 Jun 00:54 next collapse

You can get/make your own archive link by going to archive.ph and entering the article’s URL.

Here’s the link for this one: archive.ph/wUAQn

MNByChoice@midwest.social on 29 Jun 00:23 collapse

Thanks!

ugjka@lemmy.world on 28 Jun 17:28 collapse

The website also wants to drm fingerprint you <img alt="" src="https://lemmy.world/pictrs/image/830ca03c-c0b4-42d0-ab14-51f97232841e.png">

viking@infosec.pub on 28 Jun 00:10 next collapse

Sounds like the attack scenario is very sophisticated and targeted, and only works within the range of Bluetooth low energy (BLE) connectivity, so 10-15 meters under best circumstances. At that point they might as well eavesdrop on my calls in person.

tehfishman@lemmy.world on 28 Jun 00:40 next collapse

Directional antennas exist and are very inexpensive

joel_feila@lemmy.world on 28 Jun 02:05 next collapse

Honey i got to go there is a man outside our window with a lapton and an radio antenna "Ignore the man outside your window and just read off your credit card number

solrize@lemmy.ml on 28 Jun 03:14 next collapse

10-15 meters might be good enough to conduct the attack from a neighboring office or apartment, while actual eavesdropping is not so easy.

wintermute@discuss.tchncs.de on 28 Jun 07:16 collapse

I think BLE is only required for the initial compromise (extracting the pairing key). After that the attack can be performed over classic BT, and can impersonate either part (headphones or phone) to the other.
It’s still very targeted and sophisticated, so no reason to panic unless you have reasons to think someone with the resources could target you.
Regarding the attacks, they go way beyond eavesdropping calls, since BT headphones usually have access to contacts and smart assistants, that you can use to extract a lot more information

SoleInvictus@lemmy.blahaj.zone on 28 Jun 00:54 next collapse

You can get/make your own archive link by going to archive.ph and entering the article’s URL.

Here’s the link for this one: archive.ph/wUAQn

underline960@sh.itjust.works on 28 Jun 01:07 next collapse

Archive link: archive.ph/wUAQn

solrize@lemmy.ml on 28 Jun 02:29 next collapse

So glad I use wired earbuds and refused to buy a phone that didn’t support them.

Someonelol@lemmy.dbzer0.com on 28 Jun 04:16 next collapse

Same. I can’t find any Bluetooth headphones whose batteries don’t die in 4 or 5 months anyway. Meanwhile my Moondrop wired headphones have been going strong for almost 3 years.

Zeoic@lemmy.world on 28 Jun 04:32 next collapse

My sony earbuds lasted 5 years before I decided to replace the batteries in them, which cost me $20 and 30 min. I would hope other earbuds wouldnt die in only half a year

Someonelol@lemmy.dbzer0.com on 28 Jun 04:56 next collapse

To be fair I kept buying models that cost $20 to $30 so maybe the higher end ones would last longer. That said, my Moondrops wired headphones cost the same but are way more reliable.

Squizzy@lemmy.world on 28 Jun 11:26 collapse

Which ones? I have 1004, they got fucked in the washer

Zeoic@lemmy.world on 28 Jun 11:50 collapse

Mine are the WF1000XM3

I still have never heard noise cancellation as good as those ones. I have a couple other pairs of earbuds as well, one set for side sleeping, and one set for water. I like to listen to audiobooks in the shower and the IPX7 ones have held up great

Squizzy@lemmy.world on 28 Jun 12:42 collapse

I want exactly this set up. I need different ones for bedtime, swimming and everyday wear

Zeoic@lemmy.world on 28 Jun 12:52 collapse

Well, I can recommend the soundcore anker life A1 earbuds for swimming, and the soundcore sleep A20 for low profile earbuds that dont stick out of your ear. Went through atleast 4 sets (wired and wireless) of earbuds for each until settling on these.

Squizzy@lemmy.world on 28 Jun 18:23 collapse

Just FYI, I would imagine anker have plenty of exploits but I appreiate the recommendations.

Taleya@aussie.zone on 28 Jun 23:32 collapse

Got a a pair of sennheisers old enough to vote

SharkAttak@kbin.melroy.org on 28 Jun 12:30 collapse

LOL at the big debate I read just yesterday about how better wireless headphones are, and how useless jacks on phones are nowadays...

solrize@lemmy.ml on 28 Jun 17:01 collapse

I will never tire of pasting this:

…tumblr.com/…/tech-enthusiasts-everything-in-my-h…

pinball_wizard@lemmy.zip on 28 Jun 17:14 collapse

That person is being needlessly cautious.

- joke punchline -

A good swing with a steel baseball bat is enough to deal with a printer from 2004.

SCmSTR@lemmy.blahaj.zone on 28 Jun 02:49 next collapse

Unchecked consumer-grade RF signals that are broadcast in every direction are insecure??

Color me shocked!

flux@lemmy.ml on 28 Jun 10:52 collapse

Well, if these devices required any sort of authentication (e.g. pairing) to free access to their ram and flash, we wouldn’t be having this particular story…

Redex68@lemmy.world on 28 Jun 03:00 next collapse

Hah, jokes on them, I managed to fuck my earbuds’ microphones so they’re useless now.

nutsack@lemmy.dbzer0.com on 28 Jun 07:27 next collapse

I am the sweaty balls man and this happens often

DarkDarkHouse@lemmy.sdf.org on 28 Jun 08:47 collapse

Why are your earbuds… in your pants

nutsack@lemmy.dbzer0.com on 28 Jun 10:15 next collapse

my balls and my ears sweat at the same time

DarkDarkHouse@lemmy.sdf.org on 28 Jun 10:39 collapse

Oh, fair enough then

Qwaffle_waffle@sh.itjust.works on 28 Jun 12:36 collapse

Gotta feel the bass

HiTekRedNek@lemmy.world on 28 Jun 11:19 collapse

You did WHAT with them?

They don’t GO there…

bridgeenjoyer@sh.itjust.works on 28 Jun 03:00 next collapse

Yep I only use wired…

skisnow@lemmy.ca on 28 Jun 08:54 next collapse

downvoted for that website’s super illegal “pay us to not track you” policy

rayyy@lemmy.world on 28 Jun 11:16 next collapse
JuxtaposedJaguar@lemmy.ml on 28 Jun 12:40 next collapse

Consent required for free use

I think that’s explicitly forbidden by the EU, and it’s a German domain.

theherk@lemmy.world on 28 Jun 17:47 collapse

I hate that. I’m looking at you Healthline. I hate that it’s always so high in the results.

atlien51@lemm.ee on 28 Jun 12:13 next collapse

This really makes me hate that we don’t have headphone jack anymore

arararagi@ani.social on 28 Jun 17:33 next collapse

Not on flagships.

Sent from my Redmi Note 11S 5G.

ArchmageAzor@lemmy.world on 28 Jun 18:02 collapse

You have a Redmi, you don’t get an in here

atlien51@lemm.ee on 28 Jun 18:45 collapse

🤣🤣🤣

underscores@lemmy.zip on 28 Jun 18:37 collapse

Ive always hated phones without the 3.5mm and won’t stop even if all phone manufacturers remove it

atlien51@lemm.ee on 28 Jun 18:46 collapse

At least you can still get adapters for phones that don’t have it :)

DarkDarkHouse@lemmy.sdf.org on 29 Jun 06:09 collapse

Indeed, I don’t really see the problem. Instead of a single use port you have a practically universal port. That’s better, surely.

Walk_blesseD@piefed.blahaj.zone on 29 Jun 06:30 collapse

instead of

Yeah but it was never a matter of "insTeAD Of," it's in addition to, meaning you get to use the same favourite set of headpdones you use with literally every other device while keeping the practically universal port free for other purposes at the same time!!!! 🤯🤯🤯
Now isn't that wizard?

DarkDarkHouse@lemmy.sdf.org on 29 Jun 08:17 collapse

You can still do that with an adapter though?

Walk_blesseD@piefed.blahaj.zone on 29 Jun 08:36 collapse

Now here's the amazing bit: imagine being able to do that without needing to carry an additional thing around.

DarkDarkHouse@lemmy.sdf.org on 29 Jun 09:05 collapse

I guess I’m used to it. Besides, imagine not using a cable at all–even better?

Stankmasterhype@infosec.pub on 29 Jun 09:19 collapse

I can insert a cable faster into my phone than most Bluetooth headphones connect. Audio quality also tends to be better with wired headphones and uses less of the battery power. A lot of the times a dedicated single use port is much better than a jack of all trades port.

underscores@lemmy.zip on 29 Jun 19:41 collapse

3.5mm is by far the better option for literally every reason headphones are designed for

the only argument is when exercising, some people prefer to use wireless for the kinda of workouts they do

Zorsith@lemmy.blahaj.zone on 30 Jun 05:59 collapse

Imagine how much data could be collected from, say, a busy gym full of people with wireless headphones, or a hotel lobby