If you're paranoid about your privacy, you might want to take a leaf out of Kamala Harris' book and opt for wired earphones.
The former Vice President, 60, recently revealed that despite being 'teased' for her choice of headphones, she refuses to modernise her listening experience due to security concerns.
"I’ve served on the Senate Intelligence Committee, I have been in classified briefings and I’m telling you, don’t be on the train using your earpods and thinking somebody can’t listen to your conversation," she said.
Of course, Harris' chinwags would be a lot more juicy for a hacker to listen in on compared to your average person - however, us mere mortals are still at risk of being 'eavesdropped' on too.
Advert
Although the majority of people use wireless headphones these days, it turns out that these don't exactly keep your secrets safe, as hackers can exploit your Bluetooth connection.
Those who use their knowledge of the cyber space for nefarious activities can hijack your headphones, listen in on your conversations and even obtain data from smartphones, shocking research has found.
In June, security chiefs issued a stark warning to those who use Bluetooth devices to listen to their favourite bops, explaining that hackers can take advantage of a number of vulnerabilities.
Experts from the Germany-based IT security service provider ERNW explained that 'any vulnerable device can be compromised if the attacker is in Bluetooth range.'
Advert
Researchers including Dennis Heinze and Frieder Steinmetz found that hackers can take control of earphones and headphones fitted with Airoha Systems on a Chip (SoCs).
The study explains that Airoha is a 'large supplier in the Bluetooth audio space' and that 'several reputable headphone and earbud vendors' have incorporated its tech into their products.
These chips are most commonly used in headsets, earbuds, dongles, speakers, and wireless microphones by a host of big brands, including the likes of Bose, JBL and Sony.
Without laying out the blueprint for how hackers can seize control of a Bluetooth connection, Heinze and Steinmetz detailed how 'attackers [can] fully take over the headphones via Bluetooth.'
The most worrying part is that snoopers don't have to get through any authentication or pairing process to do this, either - all they have to do is be within Bluetooth range.
Advert
The researchers explained: "These devices expose a powerful custom protocol that allows manipulating the device by, for example, reading and writing RAM or reading and writing to the flash.
"We found this protocol to be exposed via BLE GATT to an unpaired attacker. It is also exposed as RFCOMM channel via Bluetooth BD/EDR (also known as Bluetooth Classic).
"Missing authentication for Bluetooth Classic allows an attacker to use this protocol without pairing with the device.
"These capabilities also allow attackers to hijack established trust relationships with other devices, such as the phone paired to the headphones," it went on. "These capabilities allow for multiple attack scenarios."
Advert
Boffins at ERNW purchased numerous wireless headphones to put their security concerns to the test, which they say confirmed that 'the issues are prevalent in many entry-level and flagship models'.
"Furthermore, we know of many more devices using the chips that we assume to be vulnerable, too," it added.
The research explained that it is possible for hackers to read out the media that is currently playing through the headphones via the RAM reading commands, as well as exposing users to 'eavesdropping scenarios'.
It warned that after establishing a Bluetooth HFP connection with a vulnerable device, a hacker can then 'listen to what their microphone is currently recording.'
"For it to go unnoticed, headphones have to be turned on, but not in active use," it said.
Advert
Furthermore, if you're listening to tunes or a podcast via your mobile phone, 'the device’s own phone number and the numbers of incoming calls are typically accessible.'
"Depending on the phone’s configuration, additional data, such as the call history and stored contacts, may also be retrievable," it continues.
There is also 'wormability' to worry about, because devices can be identified via their GATT services and characteristics, it is possible 'to rewrite the firmware to gain code execution' and 'allow for a wormable exploit.'
Although Heinze and Steinmetz say their warning should be taken 'seriously', they explained that its journalists, diplomats, political dissidents, VIPs under surveillance and people in sensitive industries who need to be most wary.
"Most people do not fall into those categories, so you are probably not a target," the pair said. "People in these categories are generally advised to not rely on Bluetooth headphones."
For a successful attack to take place, the experts say that a hacker needs to be close to you - as Bluetooth only works at short range - and then 'exploit multiple technical steps perfectly without being noticed.'
It adds: "The idea that someone could hijack your headphones, impersonate them towards your phone, and potentially make calls or spy on you, sounds pretty alarming. But this kind of attack only makes sense for high-value targets."
Hence why it's wired headphones all the way for people like Harris.
However, Heinze did point out that Airoha - who create the SoCs - have since fixed vulnerabilities in the software development kit, while also supplying new versions to manufacturers.
Still, the responsibility now falls on these manufactures to create and distribute firmware updates.
Here's the full list of 'vulnerable' devices which the ERNW researchers flagged:
- Beyerdynamic Amiron 300
- Bose QuietComfort Earbuds
- EarisMax Bluetooth Auracast Sender
- Jabra Elite 8 Active
- JBL Endurance Race 2
- JBL Live Buds 3
- Jlab Epic Air Sport ANC
- Marshall ACTON III
- Marshall MAJOR V
- Marshall MINOR IV
- Marshall MOTIF II
- Marshall STANMORE III
- Marshall WOBURN III
- MoerLabs EchoBeatz
- Sony CH-720N
- Sony Link Buds S
- Sony ULT Wear
- Sony WF-1000XM3
- Sony WF-1000XM4
- Sony WF-1000XM5
- Sony WF-C500
- Sony WF-C510-GFP
- Sony WH-1000XM4
- Sony WH-1000XM5
- Sony WH-1000XM6
- Sony WH-CH520
- Sony WH-XB910N
- Sony WI-C100
- Teufel Tatws2
LADbible has contacted Airoha, Beyerdynamic, Bose, EarisMax, Jabra, JBL, Jlab, Marshall, MoerLabs, Sony and Teufel for comment.
Topics: Kamala Harris, News, Technology, Crime, World News
Olivia Burke