1. Forum
  2. Usenet
  3. COMP.SYS.MAC.SYSTEM

  • Apple basic AirPods flaw puts users at a security risk CVE-2024-27867

    From Charlie@21:1/5 to All on Wed Jul 3 00:15:48 2024
    XPost: misc.phone.mobile.iphone

    Apple Scrambles to Fix AirPods Flaw That Put Users at a Security Risk https://www.headphonesty.com/2024/07/apple-fixes-airpods-flaw-users-risk/

    Update your AirPods ASAP if you don't want to be eavesdropped on.

    Apple recently faced another security challenge, prompting it to release an urgent firmware update for AirPods and other wireless headphones. This
    update addresses a severe vulnerability that allowed hackers to spoof
    devices and eavesdrop on users, which was a big threat to user privacy.

    The flaw, tracked as CVE-2024-27867, was discovered by security researcher Jonas Dressler and was admitted by Apple on June 25, 2024.

    It affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.

    "When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones."
    according to Apple.

    In other words, while reconnecting to previously paired devices, hackers
    could intercept the Bluetooth signal and mimic a trusted device. This
    tricks the headphones into pairing with the attacker's device instead.

    Once paired, the attacker could gain full control over the headphones. So,
    they can eavesdrop on any audio played through the headphones, including private conversations. This could lead to stealing sensitive info, whether personal, work-related, or financial.

    Apple, when notified of this security hole, realized their testing was insufficient and their coding deficient such that the basic necessary
    security checks were never thought of nor, as a result of Apple's
    inattention, basic security tests were never implemented in AirPods.

    The improved state management involves more careful checks when Bluetooth pairing happens to make sure the device trying to connect is really one
    that was approved before. This includes handling the info about previously paired devices better so it's harder for attackers to copy the digital signature of these devices.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)