Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking
4 months ago
- #IoT
- #Bluetooth
- #Cybersecurity
- Google's Fast Pair protocol, designed for easy Bluetooth connections, has vulnerabilities allowing hackers to hijack audio devices.
- Researchers from KU Leuven University discovered 'WhisperPair' vulnerabilities in 17 audio accessories from 10 companies, including Sony, Jabra, and Google.
- Hackers can take over audio streams and microphones, and even track locations via devices compatible with Google's Find Hub feature.
- Google has acknowledged the issue and released patches, but many devices remain vulnerable due to low update rates among users.
- The attack requires proximity (within ~50 feet) and a device's Model ID, which can be obtained through various means, including a public Google API.
- Some devices, like Google Pixel Buds Pro 2 and certain Sony models, allow hackers to link the devices to the hackers' own Google accounts for persistent tracking.
- Manufacturers like Xiaomi and JBL are rolling out updates, but users often don't install them due to lack of awareness or app requirements.
- The vulnerabilities stem from implementation flaws in Fast Pair, with both device manufacturers and chipmakers potentially at fault.
- Researchers suggest cryptographic enforcement of pairings to prevent unauthorized access, emphasizing the need for security alongside convenience.
- Users are urged to update their devices and be vigilant about IoT security, as many vulnerabilities persist due to infrequent updates.