Eargapping
vendor of bluetooth chip used in sony, bose, and everyone else’s headphones leaves debugging protocol completely open with no authentication over bluetooth low energy:
uh oh:
- remotely connect to headphones over this protocol without needing a pairing interaction
- dump “now playing” data
- connect audio stream and eavesdrop
- dump your phone number
- brick the headphones
- dump the pairing key used to make your phone recognize your headphones as your headphones, and then impersonate your headphones
and that’s when the REAL fun starts:
- talk to your voice assistant remotely
- make and manage calls while your phone is in your pocket
- eavesdrop from your phone microphone (by making you call them and then dropping the bluetooth connection so your phone switches to builtin mic)
- steal your whatsapp from 10ft away (since they have your phone #, the ability to accept the “we’ll call and verify it’s you” phone call before your phone starts vibrating, and the ability to listen and hear the code)
- steal your amazon (since you can login thru a phone number and a whatsapp confirmation code)