""You're walking down the street with your headphones on, you're listening to some music. In less than 15 seconds, we can hijack your device," KU Leuven researcher Sayon Duttagupta told Wired. "Which means that I can turn on the microphone and listen to your ambient sound. I can inject audio. I can track your location.""
""We appreciate collaborating with security researchers through our Vulnerability Rewards Program, which helps keep our users safe," a Google spokesperson wrote in a statement sent to Engadget. "We worked with these researchers to fix these vulnerabilities, and we have not seen evidence of any exploitation outside of this report's lab setting. As a best sec"
Security researchers at KU Leuven discovered a Bluetooth vulnerability named WhisperPair that affects 17 headphone and speaker models. The flaw stems from improper implementation of Google's Fast Pair protocol by some hardware partners. An attacker within Bluetooth range needs only the accessory model number and a few seconds to pair with a device already paired to a phone. Successful exploitation can enable microphone activation, audio injection, and location tracking. The researchers notified Google in August, and Google provided recommended fixes to hardware partners in September. Google reports no evidence of exploitation beyond the lab and recommends updating devices.
Read at Engadget
Unable to calculate read time
Collection
[
|
...
]