From www.pcworld.com
If you’re even vaguely paranoid about someone listening in on your conversations, you might be a little anxious about that phone sitting in your pocket going forward—if you use Bluetooth. Newly discovered flaws in Bluetooth security mean that your Bluetooth earbuds and headphones are a lot more vulnerable than you thought.
Security researchers at ERNW presented vulnerabilities in widely used Bluetooth hardware, finding three crucial weaknesses and creating a proof-of-concept exploit. The implementation wasn’t all that sinister—just “reading” what media was currently playing—but the three bugs, one of which was rated as a “high severity issue,” could be expanded far beyond snooping on your racy audiobooks. It’s possible that they could be used to execute calls to specific phone numbers, scrape contacts or call history, or in the most extreme cases execute code remotely and fully compromise a connected smartphone.
According to BleepingComputer, the affected Bluetooth headphone, speaker, and microphone hardware is used by at least 29 devices (and probably many more) from brands like Bose, Sony, Jabra, JLab, Marshall, and JBL, among others. Notable popular models include the Bose QuietComfort earbuds, Sony’s WF and WH headphone series, and Marshall’s Woburn and Stanmore speakers.
That doesn’t mean you should immediately toss your gear in the trash. We’re talking about some pretty in-depth research from people whose entire job is to find and fix these vulnerabilities, and there’s no indication that these problems are actively being exploited “in the wild.” Furthermore, an attacker would need to get physically close to you while you’re using affected Bluetooth hardware to do anything with it.
I suppose it’s technically possible that a hacker could, say, hang out in Times Square and just randomly try to drop malicious code on strangers’ smartphones while they’re listening to Brat. But a more likely scenario is a targeted attack on a specific, high-level individual, which is generally the purview of state-sponsored hacking campaigns. If you’ve never clapped eyes on anything with “TOP SECRET” in the header, you probably don’t have too much to worry about here.
The affected companies were alerted to the vulnerabilities in May, and according to one German publication, some (fewer than half) have already released patched firmware for affected devices.
Author: Michael Crider, Staff Writer, PCWorld
The post Hackers can attack phones via Bluetooth earbuds first appeared on www.pcworld.com