Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.mobile.android > #150166 > unrolled thread

PSA Wireless earbuds allow tracking & eavesdropping

Back to article view | Back to comp.mobile.android

Contents

  PSA Wireless earbuds allow tracking & eavesdropping Marion <marion@facts.com> - 2025-08-04 23:31 +0000
    Re: PSA Wireless earbuds allow tracking & eavesdropping Alan <nuh-uh@nope.com> - 2025-08-04 18:24 -0700
      Re: PSA Wireless earbuds allow tracking & eavesdropping "Carlos E.R." <robin_listas@es.invalid> - 2025-08-05 12:53 +0200
        Re: PSA Wireless earbuds allow tracking & eavesdropping Jolly Roger <jollyroger@pobox.com> - 2025-08-05 13:16 +0000
          Re: PSA Wireless earbuds allow tracking & eavesdropping Marion <marion@facts.com> - 2025-08-05 19:02 +0000
            Re: PSA Wireless earbuds allow tracking & eavesdropping Jolly Roger <jollyroger@pobox.com> - 2025-08-05 19:49 +0000
              Re: PSA Wireless earbuds allow tracking & eavesdropping Marion <marion@facts.com> - 2025-08-05 20:03 +0000
                Re: PSA Wireless earbuds allow tracking & eavesdropping Jolly Roger <jollyroger@pobox.com> - 2025-08-05 21:50 +0000
                  Re: PSA Wireless earbuds allow tracking & eavesdropping "Carlos E.R." <robin_listas@es.invalid> - 2025-08-06 00:37 +0200
                    Re: PSA Wireless earbuds allow tracking & eavesdropping Alan <nuh-uh@nope.com> - 2025-08-05 16:05 -0700
                      Re: PSA Wireless earbuds allow tracking & eavesdropping Jolly Roger <jollyroger@pobox.com> - 2025-08-06 16:17 +0000
                    Re: PSA Wireless earbuds allow tracking & eavesdropping Jolly Roger <jollyroger@pobox.com> - 2025-08-06 16:15 +0000
                  Re: PSA Wireless earbuds allow tracking & eavesdropping Marion <marion@facts.com> - 2025-08-05 22:45 +0000
                    Re: PSA Wireless earbuds allow tracking & eavesdropping Jolly Roger <jollyroger@pobox.com> - 2025-08-06 16:18 +0000
                      Re: PSA Wireless earbuds allow tracking & eavesdropping Marion <marion@facts.com> - 2025-08-06 17:41 +0000
                        Re: PSA Wireless earbuds allow tracking & eavesdropping Alan <nuh-uh@nope.com> - 2025-08-06 11:00 -0700
        Re: PSA Wireless earbuds allow tracking & eavesdropping Marion <marion@facts.com> - 2025-08-05 18:54 +0000
          Re: PSA Wireless earbuds allow tracking & eavesdropping Marion <marion@facts.com> - 2025-08-05 19:00 +0000
    Re: PSA Wireless earbuds allow tracking & eavesdropping Marion <marion@facts.com> - 2025-08-05 19:20 +0000

#150166 — PSA Wireless earbuds allow tracking & eavesdropping

Saw this in the news today, where those whose phones lack basic 
functionality might want to consider the resulting courageous 
loss of privacy (which you have no way of recovering from).

I guess it's courageous to be hacked & tracked...

 *One more reason to stick with wired earbuds?*
 <https://www.techradar.com/audio/earbuds-airpods/one-more-reason-to-stick-with-wired-earbuds-kamala-harris-warns-im-just-telling-you-thats-a-little-bit-more-secure-than-wireless-earbuds-after-her-experience-in-intelligence-briefings>
 "Kamala Harris warns I'm just telling you that it is a little
  bit more secure than wireless earbuds after her experience 
  in intelligence briefings"

  "The former Vice President doesn't trust wireless headphones, 
   and she's got good reason not to."

  "Vulnerabilities have been found in many big-name products."
  "Security risk is very very low, but it's not zero."

  "As she explained: I have been in classified briefings and
   I'm telling you, don't be on the train using your AirPods 
   thinking someone can't listen to your conversation."

  "The risks from wireless devices aren't just interception. 
   For example, the UK's Ministry of Justice notes that
   Bluetooth devices can be used to track someone's location."

Via the wireless earbud signals, hackers can track you, 
listen to your conversations, hack into your phone, and 
gain complete access to all your trusted devices.

ADDITIONAL REFERENCES:
 <https://www.malwarebytes.com/blog/news/2025/07/bluetooth-vulnerability-in-audio-devices-can-be-exploited-to-spy-on-users>
 <https://cybersecuritynews.com/bluetooth-vulnerabilities/>

[toc] | [next] | [standalone]

#150167

On 2025-08-04 16:31, Marion wrote:
> Saw this in the news today, where those whose phones lack basic 
> functionality might want to consider the resulting courageous loss
> of privacy (which you have no way of recovering from).
> 
> I guess it's courageous to be hacked & tracked...
> 
> *One more reason to stick with wired earbuds?* 

> <https://
> www.techradar.com/audio/earbuds-airpods/one-more-reason-to-stick-
> with-wired-earbuds-kamala-harris-warns-im-just-telling-you-thats-a-
> little-bit-more-secure-than-wireless-earbuds-after-her-experience-in-
> intelligence-briefings> 

> "Kamala Harris warns I'm just telling you
> that it is a little bit more secure than wireless earbuds after her
> experience in intelligence briefings"
> 
> "The former Vice President doesn't trust wireless headphones, and
> she's got good reason not to."
> 
> "Vulnerabilities have been found in many big-name products." 
> "Security risk is very very low, but it's not zero."
> 
> "As she explained: I have been in classified briefings and I'm
> telling you, don't be on the train using your AirPods thinking
> someone can't listen to your conversation."
> 
> "The risks from wireless devices aren't just interception. For
> example, the UK's Ministry of Justice notes that Bluetooth devices
> can be used to track someone's location."
> 
> Via the wireless earbud signals, hackers can track you, listen to
> your conversations, hack into your phone, and gain complete access
> to all your trusted devices.
> 
> ADDITIONAL REFERENCES: <https://www.malwarebytes.com/blog/
> news/2025/07/bluetooth-vulnerability-in-audio-devices-can-be-
> exploited-to-spy-on-users>

Where they don't list a single Apple device as being vulnerable.


> <https://cybersecuritynews.com/bluetooth-
> vulnerabilities/>

Where Apple isn't named among the manufactures whose devices are vulnerable.

[toc] | [prev] | [next] | [standalone]

#150170

On 2025-08-05 03:24, Alan wrote:
> On 2025-08-04 16:31, Marion wrote:
>> Saw this in the news today, where those whose phones lack basic 
>> functionality might want to consider the resulting courageous loss
>> of privacy (which you have no way of recovering from).
>>
>> I guess it's courageous to be hacked & tracked...
>>
>> *One more reason to stick with wired earbuds?* 
> 
>> <https://
>> www.techradar.com/audio/earbuds-airpods/one-more-reason-to-stick-
>> with-wired-earbuds-kamala-harris-warns-im-just-telling-you-thats-a-
>> little-bit-more-secure-than-wireless-earbuds-after-her-experience-in-
>> intelligence-briefings> 
> 
>> "Kamala Harris warns I'm just telling you
>> that it is a little bit more secure than wireless earbuds after her
>> experience in intelligence briefings"
>>
>> "The former Vice President doesn't trust wireless headphones, and
>> she's got good reason not to."
>>
>> "Vulnerabilities have been found in many big-name products." "Security 
>> risk is very very low, but it's not zero."
>>
>> "As she explained: I have been in classified briefings and I'm
>> telling you, don't be on the train using your AirPods thinking
>> someone can't listen to your conversation."
>>
>> "The risks from wireless devices aren't just interception. For
>> example, the UK's Ministry of Justice notes that Bluetooth devices
>> can be used to track someone's location."
>>
>> Via the wireless earbud signals, hackers can track you, listen to
>> your conversations, hack into your phone, and gain complete access
>> to all your trusted devices.
>>
>> ADDITIONAL REFERENCES: <https://www.malwarebytes.com/blog/
>> news/2025/07/bluetooth-vulnerability-in-audio-devices-can-be-
>> exploited-to-spy-on-users>
> 
> Where they don't list a single Apple device as being vulnerable.

But if you are using an iPhone and one of the currently known affected 
BT earphones or earbuds, you are vulnerable.


> 
> 
>> <https://cybersecuritynews.com/bluetooth-
>> vulnerabilities/>
> 
> Where Apple isn't named among the manufactures whose devices are 
> vulnerable.


-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]

#150172

On 2025-08-05, Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2025-08-05 03:24, Alan wrote:
>> On 2025-08-04 16:31, Marion wrote:
>>> Saw this in the news today, where those whose phones lack basic 
>>> functionality might want to consider the resulting courageous loss
>>> of privacy (which you have no way of recovering from).
>>>
>>> I guess it's courageous to be hacked & tracked...

Apple's AirPods are unaffected.

>>> *One more reason to stick with wired earbuds?* 
 
Or just stick with your AirPods.

>>> ADDITIONAL REFERENCES: <https://www.malwarebytes.com/blog/
>>> news/2025/07/bluetooth-vulnerability-in-audio-devices-can-be-
>>> exploited-to-spy-on-users>
>> 
>> Where they don't list a single Apple device as being vulnerable.
>
> But if you are using an iPhone and one of the currently known affected 
> BT earphones or earbuds, you are vulnerable.

AirPods aren't vulnerable though. So if you use them, you're fine.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#150176

On 5 Aug 2025 13:16:35 GMT, Jolly Roger wrote :


>>> Where they don't list a single Apple device as being vulnerable.
>>
>> But if you are using an iPhone and one of the currently known affected 
>> BT earphones or earbuds, you are vulnerable.
> 
> AirPods aren't vulnerable though. So if you use them, you're fine.

Are you confident that there are no security holes in AirPods, Jolly Roger?

[toc] | [prev] | [next] | [standalone]

#150178

On 2025-08-05, Marion <marion@facts.com> wrote:
> On 5 Aug 2025 13:16:35 GMT, Jolly Roger wrote :
>
>>>> Where they don't list a single Apple device as being vulnerable.
>>>
>>> But if you are using an iPhone and one of the currently known
>>> affected BT earphones or earbuds, you are vulnerable.
>> 
>> AirPods aren't vulnerable though. So if you use them, you're fine.
>
> Are you confident

Very. This vulnerability does not affect AirPods. And you *hate* this
fact.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#150179

On 5 Aug 2025 19:49:23 GMT, Jolly Roger wrote :


>>> AirPods aren't vulnerable though. So if you use them, you're fine.
>>
>> Are you confident
> 
> Very. This vulnerability does not affect AirPods. And you *hate* this
> fact.

Given Google Project Zero has proved Apple never tests much of their code,
I find it admirable that you have so much courage about AirPods firmware.
 <https://cyberscoop.com/iphone-hack-google-project-zero/>

Given any phone that lacks basic hardware has to replace it somehow,
usually with bluetooth earbuds, what do you think of this CVE history?
 +----------------+------------------------------+--------+------------+
 | CVE ID         | Description                  | CVSS   | Date       |
 +----------------+------------------------------+--------+------------+
 | CVE-2011-1265  | MS Bluetooth stack RCE       | 8.8 H  | 2011-04-12 |
 | CVE-2020-35473 | BLE scan info leakage        | 4.3 M  | 2020-12-15 |
 | CVE-2022-24695 | MAC ID exposure via Classic  | 4.3 M  | 2022-04-01 |
 | CVE-2022-25836 | BLE pairing MITM attack      | 7.5 H  | 2022-08-04 |
 | CVE-2022-25837 | BR/EDR pairing confusion     | 7.5 H  | 2022-08-04 |
 | CVE-2025-20700 | Missing auth for GATT        | 8.8 H  | 2025-03-12 |
 | CVE-2025-20701 | Missing auth for BR/EDR      | 8.8 H  | 2025-03-12 |
 | CVE-2025-20702 | Custom protocol exploit      | 9.6 C  | 2025-03-12 |
 | CVE-2025-5478  | SDP protocol integer overflow| 9.8 C  | 2025-06-20 |
 | CVE-2025-5479  | AVCTP heap overflow          | 9.8 C  | 2025-06-20 |
 +----------------+------------------------------+--------+------------+

Do you feel this CVE is the very last bluetooth vulnerability to be found?

[toc] | [prev] | [next] | [standalone]

#150180

On 2025-08-05, Marion <marion@facts.com> wrote:
> On 5 Aug 2025 19:49:23 GMT, Jolly Roger wrote :
>
>>>> AirPods aren't vulnerable though. So if you use them, you're fine.
>>>
>>> Are you confident
>> 
>> Very. This vulnerability does not affect AirPods. And you *hate* this
>> fact.
>
> Blah blah blah blah

Nothing you can say will change the FACT that this vulnerability DOES
NOT affect Airpods, little Arlen. And you *HATE* that FACT with every
fiber of your tortured inconsequential being. Squirm, little worm! 🤣

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#150181

On 2025-08-05 23:50, Jolly Roger wrote:
> On 2025-08-05, Marion <marion@facts.com> wrote:
>> On 5 Aug 2025 19:49:23 GMT, Jolly Roger wrote :
>>
>>>>> AirPods aren't vulnerable though. So if you use them, you're fine.
>>>>
>>>> Are you confident
>>>
>>> Very. This vulnerability does not affect AirPods. And you *hate* this
>>> fact.
>>
>> Blah blah blah blah
> 
> Nothing you can say will change the FACT that this vulnerability DOES
> NOT affect Airpods, little Arlen. And you *HATE* that FACT with every
> fiber of your tortured inconsequential being. Squirm, little worm! 🤣
> 

Nobody said *this* vulnerability affects airpods. But it does affect 
iphones using other earphones or ear things. And those will be a lot of 
people.

Now just accept that nicely, don't grab at straws, or you will be as bad 
as him.

-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]

#150183

On 2025-08-05 15:37, Carlos E.R. wrote:
> On 2025-08-05 23:50, Jolly Roger wrote:
>> On 2025-08-05, Marion <marion@facts.com> wrote:
>>> On 5 Aug 2025 19:49:23 GMT, Jolly Roger wrote :
>>>
>>>>>> AirPods aren't vulnerable though. So if you use them, you're fine.
>>>>>
>>>>> Are you confident
>>>>
>>>> Very. This vulnerability does not affect AirPods. And you *hate* this
>>>> fact.
>>>
>>> Blah blah blah blah
>>
>> Nothing you can say will change the FACT that this vulnerability DOES
>> NOT affect Airpods, little Arlen. And you *HATE* that FACT with every
>> fiber of your tortured inconsequential being. Squirm, little worm! 🤣
>>
> 
> Nobody said *this* vulnerability affects airpods. But it does affect 
> iphones using other earphones or ear things. And those will be a lot of 
> people.
> 
> Now just accept that nicely, don't grab at straws, or you will be as bad 
> as him.
> 

Please note that Arlen didn't mention that AirPods aren't affected by this.

'Via the wireless earbud signals, hackers can track you,
listen to your conversations, hack into your phone, and
gain complete access to all your trusted devices.'

And he said:

'I guess it's courageous to be hacked & tracked...'

Which is his dog whistle about Apple devices.

[toc] | [prev] | [next] | [standalone]

#150186

On 2025-08-05, Alan <nuh-uh@nope.com> wrote:
> On 2025-08-05 15:37, Carlos E.R. wrote:
>> On 2025-08-05 23:50, Jolly Roger wrote:
>>> On 2025-08-05, Marion <marion@facts.com> wrote:
>>>> On 5 Aug 2025 19:49:23 GMT, Jolly Roger wrote :
>>>>
>>>>>>> AirPods aren't vulnerable though. So if you use them, you're
>>>>>>> fine.
>>>>>>
>>>>>> Are you confident
>>>>>
>>>>> Very. This vulnerability does not affect AirPods. And you *hate*
>>>>> this fact.
>>>>
>>>> Blah blah blah blah
>>>
>>> Nothing you can say will change the FACT that this vulnerability
>>> DOES NOT affect Airpods, little Arlen. And you *HATE* that FACT with
>>> every fiber of your tortured inconsequential being. Squirm, little
>>> worm! 🤣
>>>
>> 
>> Nobody said *this* vulnerability affects airpods. But it does affect
>> iphones using other earphones or ear things. And those will be a lot
>> of people.
>> 
>> Now just accept that nicely, don't grab at straws, or you will be as
>> bad as him.
>
> Please note that Arlen didn't mention that AirPods aren't affected by
> this.
>
> 'Via the wireless earbud signals, hackers can track you, listen to
> your conversations, hack into your phone, and gain complete access to
> all your trusted devices.'
>
> And he said:
>
> 'I guess it's courageous to be hacked & tracked...'
>
> Which is his dog whistle about Apple devices.

Carlos wants us to just ignore that part. Otherwise we are supposedly
"as bad as him". 😉

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#150185

On 2025-08-05, Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2025-08-05 23:50, Jolly Roger wrote:
>> On 2025-08-05, Marion <marion@facts.com> wrote:
>>> On 5 Aug 2025 19:49:23 GMT, Jolly Roger wrote :
>>>
>>>>>> AirPods aren't vulnerable though. So if you use them, you're
>>>>>> fine.
>>>>>
>>>>> Are you confident
>>>>
>>>> Very. This vulnerability does not affect AirPods. And you *hate*
>>>> this fact.
>>>
>>> Blah blah blah blah
>> 
>> Nothing you can say will change the FACT that this vulnerability DOES
>> NOT affect Airpods, little Arlen. And you *HATE* that FACT with every
>> fiber of your tortured inconsequential being. Squirm, little worm! 🤣
>
> Nobody said *this* vulnerability affects airpods.

Nobody claimed anyone said it.

> Now just accept that nicely

Follow your own advice.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#150182

On 5 Aug 2025 21:50:16 GMT, Jolly Roger wrote :


> Nothing you can say will change the FACT that this vulnerability DOES
> NOT affect Airpods. And you *HATE* that FACT with every fiber of your 
> tortured inconsequential being. Squirm, little worm!

Wow. Thanks for the passion you have for defending Apple to the death!

Just to clarify: Nobody claimed the latest CVE affects AirPods. 
The claim was only that prior CVEs did, which is a documented fact. 

And the prediction, given Apple it proven by Google's Project Zero Apple
never once tested much of their own code, that more CVE's are to come.
 <https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>

If you're interested in a constructive bluetooth discussion, most of us
would be happy to share sources to talk you through the technical details. 

If not, you can still enjoy Apple's "bold new colors" & "exciting emojis".

[toc] | [prev] | [next] | [standalone]

#150187

On 2025-08-05, Marion <marion@facts.com> wrote:
> On 5 Aug 2025 21:50:16 GMT, Jolly Roger wrote :
>
>> Nothing you can say will change the FACT that this vulnerability DOES
>> NOT affect Airpods. And you *HATE* that FACT with every fiber of your
>> tortured inconsequential being. Squirm, little worm!
>
> Wow. Thanks for the passion you have for defending Apple to the death!

You *HATE* the fact that this vulnerability doesn't affect AirPods.
Seethe, little Arlen! 🤣

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#150188

On 6 Aug 2025 16:18:35 GMT, Jolly Roger wrote :


>> Wow. Thanks for the passion you have for defending Apple to the death!
> 
> You *HATE* the fact that this vulnerability doesn't affect AirPods.

It's interesting how you Apple trolls are defending your beloved AirPods to
the death - even though nobody ever said this particular CVE affects them.

We said past CVE's affected them; & predicted future CVE's will too.
And we showed proof that Apple has never tested much of their own code.
Which, we showed, is why iOS has 1-1/2 times the number of 0-day exploits.

Carlos brought up that phone owners aren't all buying only AirPods.
Many iPhone & Android owners buy earbuds that are not from Apple.

This PSA is for them.

[toc] | [prev] | [next] | [standalone]

#150189

On 2025-08-06 10:41, Marion wrote:
> On 6 Aug 2025 16:18:35 GMT, Jolly Roger wrote :
> 
> 
>>> Wow. Thanks for the passion you have for defending Apple to the death!
>>
>> You *HATE* the fact that this vulnerability doesn't affect AirPods.
> 
> It's interesting how you Apple trolls are defending your beloved AirPods to
> the death - even though nobody ever said this particular CVE affects them.
> 
> We said past CVE's affected them; & predicted future CVE's will too.
> And we showed proof that Apple has never tested much of their own code.

Nope. You have never once shown any such proof.

[toc] | [prev] | [next] | [standalone]

#150174

 On Tue, 5 Aug 2025 12:53:05 +0200, Carlos E.R. wrote :


>> Where they don't list a single Apple device as being vulnerable.
> 
> But if you are using an iPhone and one of the currently known affected 
> BT earphones or earbuds, you are vulnerable.

I will agree with anyone who makes a logically sensible statement, no
matter who they are (and I will disagree with anyone who doesn't too).

Chris is correct in his logic that if you don't have the basic
functionality of an aux port, then that courageous loss of functionality
exposes you to bluetooth vulnerabilities - whether or not they exist today.

The fact is that most bluetooth vulnerabilities will be fixed once they're
found, but the fact is they're not fixed until/unless they're found.

So if your phone lacks basic functionality, then it's courageous to be
tracked and hacked because that's what you risk over & above plain wires.

Rest assured, while the Apple trolls are always proven to be unaware of
Apple vulnerabilities, Apple AirPods have been subject to Bluetooth
vulnerabilities, where Apple has patched them *after* being informed.

Look up CVE-2024-27867 which allowed attackers within range to spoof
previously paired AirPods to let them connect to your AirPods without
permission, which enabled eavesdropping on conversations.

Affected devices included:
 a. AirPods (2nd gen and later)
 b. AirPods Pro (all models)
 c. AirPods Max
 d. Powerbeats Pro
 e. Beats Fit Pro

Apple publicly acknowledged its AirPods flaws on June 25, 2024 in fact.
Apple released firmware updates (6A326 and 6F8) to fix the AirPods.

But - and this is critical - Apple was shown by Google's Project Zero to
never have tested huge chunks of its code, so rest assured Apple didn't
find this flaw and Apple never would have found this flaw since Apple is a
marketing company - not a technical development company.

Apple only markets security.
Security doesn't actually exist on any Apple device.

The flaw, tracked as CVE-2024-27867, was discovered by security researcher
Jonas Dressler who identified that attackers within Bluetooth range could
spoof a previously paired device and gain unauthorized access to AirPods.

Dressler used Bluetooth protocol analysis tools and reverse engineering
techniques to uncover the flaw.

He responsibly disclosed the issue to Apple, following standard coordinated
vulnerability disclosure practices.

Apple investigated, confirmed the issue, and released firmware updates
(6A326 and 6F8) to patch it. 

In summary, if your phone lacks basic functionality, then you're stuck
trying to replace that missing functionality using courageous methods which
expose you to tracking, eavesdropping risks & device trust issues.

Having proved the point, I will say though that this courageous move to
expose yourself to security vulnerabilities is a risk mainly to more
important people than we may be while we're riding on public transport.

[toc] | [prev] | [next] | [standalone]

#150175

On Tue, 5 Aug 2025 18:54:15 -0000 (UTC), Marion wrote :


> Chris is correct in his logic that if you don't have the basic
> functionality of an aux port, then that courageous loss of functionality
> exposes you to bluetooth vulnerabilities - whether or not they exist today.

Ooops. I did it again since Chris & Carlos are indistinguishable to me.
(Note I don't see headers in my gVim window - I just see the template.)

Carlos said the apropos statement that there are more wireless earbuds out
there than just the AirPods (which themselves have been hacked before).

CVE-2024-27867 affected devices included:
 a. AirPods (2nd gen and later)
 b. AirPods Pro (all models)
 c. AirPods Max
 d. Powerbeats Pro
 e. Beats Fit Pro

Apple publicly acknowledged its AirPods flaws on June 25, 2024 in fact.
Apple released firmware updates (6A326 and 6F8) to fix the AirPods.

It's important to note that Apple *never* finds these flaws, so while the
Apple trolls are supremely confident there are no bluetooth flaws in their
beloved AirPods, that inherent trust in Apple has been shown to be
misplaced.

Google's project zero proved Apple never tested much of its code.
So you should assume all AirPods are horribly flawed at this very moment.

Witness prior vulnerabilities to AirPods as the evidence backing it up.
 June 2024 CVE-2024-27867
 July 2024 Firmware Exploit
 June 2024 21 security issues
 etc.

[toc] | [prev] | [next] | [standalone]

#150177

On Mon, 4 Aug 2025 23:31:55 -0000 (UTC), Marion wrote :


> I guess it's courageous to be hacked & tracked...

To further flesh out this public service announcement, bear in mind
an earbud is much like a router in that the firmware is vulnerable.

The fact that it has firmware, is what makes earbods so vulnerable.
Which is why it's not courageous to use wired headphones in your ear.

It's only admirably courageous to use wireless earbuds in your ear.

Given I admire the courage of those who buy phones which lack basic 
functionality, here are past warnings about firmware vulnerabilities.

 *Apple AirPods can be hacked to eavesdrop on your conversations*
 Published June 26, 2024
 <https://www.tomsguide.com/computing/online-security/apple-airpods-can-be-hacked-to-eavesdrop-on-your-conversations-how-to-stay-safe>
 "According to a new advisory from Apple, when your headphones are 
  trying to connect with one of your previously paired devices, 
  an attacker may be able to spoof the intended source device to
  gain access to your headphones." 
  *About the security content of AirPods Firmware*
  <https://support.apple.com/en-us/120907>

 *Apple Scrambles to Fix AirPods Flaw*
 <https://www.headphonesty.com/2024/07/apple-fixes-airpods-flaw-users-risk/>
 "Apple recently faced another security challenge, prompting it
  to release an urgent firmware update for AirPods and other 
  wireless headphones. This update addresses a severe vulnerability
  that allowed hackers to spoof devices and eavesdrop on users, 
  which was a big threat to user privacy."

Note earlier AirPods (1st gen) used basic Bluetooth encryption, 
which could be bypassed with specialized tools in the past.

In summary, the PSA here is that if your phone lacks the basic
functionality of most phones, then it's courageous to risk being
hacked and tracked because wireless earbuds have to use firmware.

[toc] | [prev] | [standalone]

Back to top | Article view | comp.mobile.android

csiph-web