Bluetooth Headphone Hacking: Need to worry?

U.S. Vice President Kamala Harris was recently reported in an article in Politico’s Westwing Playbook, denying the use of Bluetooth headphones and believing that they are vulnerable to attacks by malicious hackers. rice field. The article describes the Vice President as “Bluetooth phobia,” but is there anything more than a delusion here? Is Bluetooth Headphone Hacking Really a Problem?

Bluetooth technology streamlines gadgets and eliminates most of the annoying wires and jacks that forever get entangled in the bottom of bags and in the back of drawers. However, there is a cost. Bluetooth technology tends to take an inadequate attitude towards security because it is limited due to its short range of motion and is designed to be used only between nearby devices.

What do experts say about hacking Bluetooth headphones?

“Risks are significant,” says Christoph Dosh, Associate Dean of the Australian Institute for Business Intelligence. “Bluetooth is one of these technologies that was first designed without much concern for security.”

Close-up of a woman giving a speech-Kamara Harris recently talked about Bluetooth headphone hacking
Credits: Drew Angerer / Staff / Getty Images

This is especially true for harmless add-ons such as headphones.

Different devices typically have different security features that provide the strictest protection in the places you expect, such as computers and laptops. But with headphones? Not so many.

“Bluetooth headphones are usually a fairly’dumb’device,” said Paul Haskell-Dowland, professor of cybersecurity practice at the University of Edithco One’s Faculty of Science and Deputy Dean of Computing and Security.

He says he doesn’t tend to care about cryptographic devices such as headphones.

“Most headsets can be connected by simply pressing a button on the headset to start” sync “. You can also make a direct selection over the phone and no further action is required, “he says.

Still, our headphones are particularly unlikely to provide a “crack” that an attacker can directly invade, and are generally not afraid to enjoy a wireless groove session.

“If you just listen to music, such headphones don’t really represent a significant risk,” says Haskell-Dowland.

Instead, their greatest vulnerability is due to their susceptibility to eavesdropping.

How can others eavesdrop on your Bluetooth headphones?

This is because it’s not just for listening to your favorite songs on headphones, but for everyday use on the phone and remote meetings. As a radio frequency device, you have the opportunity to capture radio signals and eavesdrop on communications.

“A competent and determined attacker could use Bluetooth headphones and protocols to implement a man-in-the-middle attack, for example, and effectively intercept all traffic in and out of the headphones,” Doche said. say.

Haskell-Dowland has expressed similar concerns, but reiterated that many of the threats are context-sensitive.

“Given that much of the use of Bluetooth headsets is done in public, the concern is probably the same as being heard by someone sitting next to you on the train. The audio capture includes all parties involved in the call, “he says. To tell.

This means that leaked sensitive information is as secure as the weakest point in the chain. You can take steps to secure yourself, but only one group member wearing Bluetooth headphones can open the entire conversation to your prying ears.

Nine-color icons for different types of earphones that can be vulnerable to Bluetooth headphone hacking
Credits: vector / Getty Images

In rare cases, a more sophisticated attack called privilege escalation may be carried out. This includes the transition from wireless communication channels to access to data on the device itself.

Kim Crawley, a cybersecurity researcher and book author at Hack The Box, said: Eight Steps to Strengthening Security: A Simple Cyber ​​Resilience Guide for Business (Wiley Tech).

Does this mean that Harris needs attention?

Crawley believes Kamala Harris is right to be careful about hacking Bluetooth headphones, given her position.

“I don’t often agree with Vice President Harris, but I definitely agree with the use of wired earphones and microphones,” she says.

“She is the target of prominent cyberattacks and is often familiar with highly sensitive information. Eliminating the possibility of wireless interception from the device-to-peripher level is cybersecurity. We do what we call “reduce the attack surface”. “

Doche agrees, but note that this does not mean that we all need to worry as well, just because Harris may be justified by her careful approach.

“Everyday people face exactly the same problems,” he says. “But it’s less likely that a competent and determined attacker will try to break the headphones just because they’re not the focus of attention. They say they’re facing a smaller risk. It is no exaggeration to say. “

The risks of Bluetooth headsets are small and generally focused on a particular individual, but it is always a good idea to be aware of the risks and minimize vulnerabilities.

“What we do with computer technology is never zero risk,” says Crawley. “It’s about deciding what level of risk is acceptable to us.

“All new Bluetooth standards feature stronger and more secure encryption implementations, but the technology used by cyber attackers to break or bypass encryption is always strong. Encryption and decryption are always a pretend game and a digital military expansion competition. “

What is the best way to protect your privacy?

  • The first step is done at the time of purchase. Buying a headset that requires a PIN code to connect to your cell phone or computer is a good start, but you can also look for a headset that uses encryption to support a stronger level of security. If possible, change the PIN code to a unique value. If your headset shares a common default code, you can easily track the code in the online manual.
  • Try using a headset that supports the latest version of Bluetooth.
  • Keep Bluetooth in “detectable” mode only when pairing new headphones with your cell phone or laptop. Once linked, the device holds a unique identification code for the headset. You don’t have to duplicate the linking process every time you use the same headphones.
  • Turn off Bluetooth when you’re not using it (although this can be difficult in countries where the COVID Track and Trace app uses Bluetooth).

Leave a Comment