this post was submitted on 27 Jun 2025
404 points (98.6% liked)

Technology

71922 readers
3166 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
404
Zero-day: Bluetooth gap turns millions of headphones into listening stations (www.heise.de)
submitted 21 hours ago by rodneyck@lemmy.dbzer0.com to c/technology@lemmy.world
95 comments fedilink hide all child comments
 

The Bluetooth chipset installed in popular models from major manufacturers is vulnerable. Hackers could use it to initiate calls and eavesdrop on devices.

Source

you are viewing a single comment's thread
view the rest of the comments
[–] Catoblepas@piefed.blahaj.zone 21 points 20 hours ago (1 children)

Even if these attacks seem frightening on paper, the ERNW researchers are reassuring: many conditions must be met to carry out an eavesdropping attack. First and foremost, the attacker(s) must be within range of the Bluetooth short-range radio; an attack via the Internet is not possible. They must also carry out several technical steps without attracting attention. And they must have a reason to eavesdrop on the Bluetooth connection, which, according to the discoverers, is only conceivable for a few target people. For example, celebrities, journalists or diplomats, but also political dissidents and employees in security-critical companies are possible targets.

I guess they didn’t point this out because it’s kind of obvious, but it sounds like they also have to actually be on to be exploited. So it’s not going to turn on and start listening to you at least. Definitely concerning, but I’m still gonna be listening to my audio books and podcasts with my wireless headphones.

[–] Goretantath@lemmy.world 7 points 20 hours ago (2 children)

A speaker i have from bose is always on and "sleeping" and can be connected to from the phone no matter what i do, drains the fucking battery and when i want to use it finaly its dead.. wouldnt be surprised if some headphones worked the same..

[–] entwine413@lemm.ee 4 points 19 hours ago

A smart outlet (and running home assistant) will solve that problem.

[–] Catoblepas@piefed.blahaj.zone 2 points 20 hours ago (1 children)

It sounds like they have some kind of wake function that it’s always listening for? I don’t think that’s a common feature in headphones just because of the battery drain, but they’re always chucking useless features on electronics so I’m sure some are floating around out there. I doubt it’s something you wouldn’t know about unless they were secondhand, though.

[–] dgriffith@aussie.zone 5 points 19 hours ago* (last edited 18 hours ago)

It's BLE - Bluetooth Low Energy.

Basically devices with BLE can listen for a wake-up command and turn on, similar to the "magic packet" of wake on Ethernet.

Super convenient for "find my device" applications, also nice to be able to connect and activate the device without having to press a power button like a peasant.

It also means that most devices with BLE end up flat within a month. I had a speaker with BLE and had to deliberately download a much older version of the Android partner app to turn it off, as they dropped the option to do so in later versions for "convenience". With BLE on it would be flat in about 6 weeks regardless of whether I'd used it or not , which really ruined ad-hoc usage for me.