"Today, security researchers at Belgium's KU Leuven University Computer Security and Industrial Cryptography group are revealing a collection of vulnerabilities they found in 17 audio accessories that use Google's Fast Pair protocol and are sold by 10 different companies: Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google itself. The hacking techniques the researchers demonstrated, which they're collectively calling WhisperPair, would allow anyone within Bluetooth range of those devices-close to 50 feet in their testing-to silently pair with audio peripherals and hijack them."
"Depending on the accessory, a hacker could take over or disrupt audio streams or phone conversations, play their own audio through the victim's ear buds or speakers at whatever volume they chose, or undetectably take over microphones to listen to the victim's surroundings. Worse yet, certain devices sold by Google and Sony that are compatible with Google's device geolocation tracking feature, Find Hub, could also be exploited to allow stealthy, high-resolution stalking."
Security researchers at KU Leuven found vulnerabilities in 17 audio accessory models using Google's Fast Pair, sold by 10 companies including Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google. The flaws allow attackers within Bluetooth range (about 50 feet) to silently pair and hijack devices using techniques called WhisperPair. Compromises include audio stream disruption, playback of attacker audio at chosen volume, covert microphone takeover for eavesdropping, and exploitation of Find Hub-compatible devices for stealthy, high-resolution location tracking of targets. Victims can include iPhone users who never owned a Google device.
Read at WIRED
Unable to calculate read time
Collection
[
|
...
]