Masalah Security di Headphone Wireless
Kutipan dari twitter tentang masalah keamanan di headphone wireless. Salah satu masalah wireless adalah keamanan data. Kalau mau 100% aman memang lebih baik pakai headphone kabel saja.
Just saw a sick live demo of wireless headphone hijacking that allows the attacker to perform the following without ever pairing the device. All the attacker has to do is be in range.
- read/write arbitrary bytes to device
- read headphones information
- dump firmware info
- extract paired devices information (name, link key, MAC address)
and since you can extract the above information, the attacker can then impersonate as the device and perform actions like
- access voice assistants (send text and other possibly sensitive actions; may require phone unlock)
- get phone numbers
- call control
- audio routing
Lots of devices using the Airoha chipsets are affected, especially Sony devices. The vulns were first disclosed back in June.
Links: