Security Experts: Bluetooth Headphones May Become a Tool for Eavesdropping

SadaNews - As technological development dominates all fields, smartphones and wireless technologies have become an integral part of people's daily routines.

However, security experts have revealed serious vulnerabilities in several popular Bluetooth headphones that could allow hackers to compromise these devices and spy on their users, and even carry out more advanced attacks that may extend to the connected phones, according to Forbes.

German security researcher Denis Hines, along with Friedr Steinmetz from the cybersecurity company ERNW, announced the discovery of several vulnerabilities in devices that rely on chips from Airoha, one of the leading companies in Bluetooth technology manufacturing, especially for TWS (True Wireless Stereo) headphones.

According to the researchers, these vulnerabilities allow, in some cases, complete remote control of the headphones without the need for any pairing or authentication, provided the attacker is within Bluetooth range of the device.

Breach of Trust Links

Hines warned that if a hacker successfully exploits these vulnerabilities, they would be able to read and write the device's memory, break the trust links between the headphones and the phone, and eavesdrop on what the microphone picks up, provided the headphones are powered on and not in active use.

Additionally, in some scenarios, the hacker could impersonate the headphones and execute commands on the smartphone, such as making calls or extracting contacts and call logs, which poses a direct threat to privacy.

Specific Groups

Although hackers may not target the average user at this stage, researchers confirmed that the risks affect specific groups, including journalists, diplomats, activists, and political opponents, especially in environments subject to surveillance or intense monitoring.

Hines also emphasized the importance of installing firmware updates for the devices as they become available, stressing the need to completely disconnect the headphones from the phone, not just turn them off. He stated that "the warning is directed at anyone using these headphones in sensitive locations or during tasks that require high privacy."

Action to Address Vulnerabilities

Meanwhile, Airoha issued an update package to address the vulnerabilities in the first week of June, while some manufacturers have begun to prepare their own updates, according to the report.

Jabra also confirmed, in an official statement, that it is working on a security update to address the vulnerability in the Elite 8 and Elite 10 headphones, while other models are not affected.

Automatic Security Updates

For his part, Boris Sebot, Chief Security Engineer at Black Duck, stressed that every new technological development carries undiscovered vulnerabilities, calling for the issuance of automatic security updates without relying on user intervention.

Sebot concluded by stating that "maintaining the security of devices is a shared responsibility between companies and users, but the greatest burden lies with manufacturers to ensure a quick and effective response."