The vulnerability was first discovered by Belgium's KU Leuven University Computer Security and Industrial Cryptography Group, and is being dubbed "WhisperPair." It takes advantage of Android's Fast Pair feature, which allows for convenient, one-tap connections to nearby Bluetooth devices, similar to what might pop up on your iPhone screen if you open an AirPods case near it. Unfortunately, according to the researchers, they've discovered that it's possible for a malicious actor to essentially hijack the pairing process, giving them a hidden window into your audio device while still letting it connect to your phone or tablet, leaving you none the wiser.
OK, so a hacker can listen in on your headphones. Big whoop. But yes, actually. Big whoop indeed.
How this puts you at risk
That last vulnerability is the most concerning to me, although it's also the hardest for hackers to pull off. Right now, it's only been documented in the Google Pixel Buds Pro 2 and five Sony products, and requires you to have not previously connected them to an Android device or paired them with a Google account.
The researchers reached out to Google, which has come up with a series of recommended fixes—but here's where the problems come in: These fixes need to be implemented by the accessory makers on an individual basis, and you'll likely need to install them manually.
To ensure you get your device's fixes when they roll out to you, the researcher who discovered WhisperPair suggests downloading its corresponding app—something most audio devices offer these days. “If you don't have the [Sony app], then you'll never know that there's a software update for your Sony headphones,” KU Leuven researcher Seppe Wyns told WIRED.
Unfortunately, Fast Pair can't be disabled, so until your device's manufacturer rolls out its own update, it will be vulnerable. There is a panic button you can hit if you notice unusual behavior in the meantime, as the researchers say that factory resetting your audio device will clear it of any hackers who have already paired to it. Unfortunately, that still leaves it vulnerable for new hackers going forward.
The risk is real but mostly theoretical for now
On that note, if you're a smug iPhone user reading this, you shouldn't feel too comfortable: WhisperPair could affect you too. While the vulnerability can't originate on an Apple device, if you happen to connect a device that has already been hacked on an Android to your iPhone or iPad, then you're in the same boat.
How to know if you're at risk
I wish I could offer a simple solution that would instantly beef up the security on all of your devices, but unfortunately, staying safe from WhisperPair will take some vigilance on your part—in particular, looking out for an update from your device's manufacturer. To check whether the WhisperPair vulnerability affects you, visit the researchers' website and search for your device. It'll tell you the manufacturer, whether it's vulnerable, and what steps you can take to plug the vulnerability. Note that the short list that first pops up under the search bar doesn't include every vulnerable device, so don't assume you're safe just because you don't see yours there—search for it first.
Hence then, the article about millions of earbuds and headphones have a serious android security vulnerability was published today ( ) and is available on Live Hacker ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( Millions of Earbuds and Headphones Have a Serious Android Security Vulnerability )
Also on site :