Ear canal: Why hackers are hacking into wireless headphones

Hackers have learned how to hack popular models of wireless headphones due to vulnerabilities in Bluetooth, experts have warned about this. The purpose of such attacks is to obtain various user data that can be transmitted to headphones from connected devices, including access to conversations and contact lists. For more information about how hackers hack into wireless headphones, how dangerous such attacks are and how to protect yourself from them, read the Izvestia article.

Why are wireless headphones interesting to hackers

Wireless headphones are interesting to cybercriminals as a means of obtaining various user data that can be transmitted to headphones from connected gadgets, says Alexander Samsonov, a leading expert at the Security Code development and testing department, in an interview with Izvestia.

"Potentially, attackers can gain access to user conversations and their contact lists, as well as record audio data from microphones," says the specialist. — The vulnerability also suggests the possibility of writing data to device memory, which allows attackers to download malicious firmware to devices to further escalate attacks.

Photo: IZVESTIA/Pavel Bednyakov

Headphones as an accessory do not arouse suspicion and are rarely perceived as an object of risk, adds Nikita Novikov, an expert on cybersecurity at Angara Security. Therefore, an attack through a vulnerability in Bluetooth headphones becomes especially convenient in the case of targeted surveillance and surveillance, for example, of journalists, officials or business representatives. Such attacks make it possible to listen to conversations, record commands from voice assistants and, with a deeper vulnerability, gain access to paired phones.

—In addition, MITM (man—in-the-middle) attacks are possible through Bluetooth vulnerabilities, allowing audio streams, control commands, and even attempts to distribute malicious code," said Andrey Zhdanukhin, head of the L1 GSOC Gazinformservice analytics group.

Access code: all mobile devices will be included in one database

Will the ban on flashing them help to fight cybercriminals

What is known about vulnerabilities in wireless headphones

At the end of June, BleepingComputer, citing cybersecurity company ERNW, reported that a number of vulnerabilities in the Bluetooth protocol allowed hackers to hack into wireless headphones and intercept data. Experts have found several vulnerabilities in Airoha's Bluetooth controller, which is used in dozens of types of headphones.

As a result, 29 popular device models from companies such as Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs and Teufel were at risk of hacking. Experts concluded that due to the vulnerability, hackers who find themselves in the Bluetooth range of a potential victim can intercept the signal and gain access to headphones by listening to conversations and stealing personal data.

Photo: IZVESTIA/Sergey Konkov

"The very idea that someone could hack into your headphones, connect to your phone and make calls or spy on you sounds pretty alarming," ERNW experts noted. At the same time, experts emphasized that cybercriminals must have both special equipment and good hacking skills to hack headphones. The problem was reported to Airoha engineers, who released an update that fixes the vulnerability.

According to Andrey Zhdanukhin, the ERNW research is an alarming but expected signal. Problems with the security of the Bluetooth protocol and its implementations are not new, but attention to headphones as a potential entry point into the user's ecosystem is becoming more frequent. The scale of the threat stands out in particular: vulnerabilities were found in the Airoha Bluetooth controller, which is used in almost three dozen models from leading global brands.

"This indicates a systemic problem in the supply chain — device manufacturers often integrate chipsets from third—party vendors without properly auditing the security of their firmware," says Izvestia's source. — The ERNW case confirms that even premium brands are not immune from such vulnerabilities.

What cases of hacking of wireless headphones have you encountered before

The history of attacks via Bluetooth shows that wireless technologies have repeatedly become the object of interest from security experts, Nikita Novikov says in an interview with Izvestia. However, targeted hacking of headphones was extremely rare — more often than not, researchers recorded vulnerabilities in phones or in the Bluetooth protocol as such.

— One of the most famous incidents was a set of vulnerabilities called BlueBorne, which allowed attacking devices via Bluetooth without confirming the owner, — says the specialist.

Photo: IZVESTIA/Anna Selina

In addition, according to Nikita Novikov, there have been cases when applications accompanying Bluetooth headphones collected user data or had access to the microphone even when the connection was turned off. But the case involving vulnerabilities in the Bluetooth headphone chip itself is truly unique in terms of the scale and depth of access that attackers can gain. Therefore, it is perceived as a new, more dangerous form of potential control over users' personal space, the expert notes.

People who have access to valuable information, such as corporate information, as well as ordinary users can become victims of hacking of wireless headphones, adds Kaspersky ICS CERT expert Vladimir Dashchenko. The danger is that if the attack is successful, attackers can not only gain access to confidential data, but also use it in more complex attacks in the future.

"The complexity of implementing such attacks is very high, so they can only be used in cases where attackers want to get really important and "expensive" data,— says Alexander Samsonov. — In this regard, the threat may be higher for some high-ranking officials, for example, people who are members of the management of large companies or leaders of public opinion, conditional popular bloggers.

Give a signal: how hackers attack phones with SMS blasters

Special radio transmitters disguise themselves as mobile networks

How to protect yourself from the threat of hacking wireless headphones

In order to minimize the risks of hacking wireless headphones, experts interviewed by Izvestia advise following a number of security measures. In particular, Andrey Zhdanukhin recommends that when updates for headphones or paired devices appear, be sure to install them. Some manufacturers, such as Jabra or Sony, provide updates through their own apps.

"If you don't need to, it's better to keep Bluetooth turned off, especially in public places. In addition to security, this will save you charging your device," says the expert.

Photo: Global Look Press/Valentin Wolf

In addition, it is important not to pair devices with unknown Bluetooth offers. Attackers can use fake devices or "clones" to infiltrate the connection. Today, there are many physical hacking devices, including those for people who do not have advanced hacking skills, who exploit the shortcomings of this technology.

To set up and control wireless headphones, you need to use applications from manufacturers, not third-party solutions. However, you should not give headphones access to a microphone or geolocation if this is not required. And if the headphones unexpectedly reboot, connect to unknown devices, or exhibit unusual behavior, this may be a sign of compromise.

"It makes sense for corporate users to consider Bluetooth devices as potentially vulnerable and implement appropriate security policies at the organizational level," concludes Andrey Zhdanukhin.