Connect with us

Tech

Apple Issues New AirPods Security Update For Eavesdropping Flaw

Published

on

Apple Issues New AirPods Security Update For Eavesdropping Flaw

Apple has issued an update for AirPods, after a flaw was discovered that could allow an attacker to connect their device to your headphones and potentially eavesdrop on your conversations.

Apple doesn’t provide much detail about the fix—AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8—to allow as many people as possible to time to update before attackers can get hold of the facts.

However, when your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones, the iPhone maker said on its support page.

Tracked as CVE-2024-27867 and reported by security researcher Jonas Dreßler, the fix is available for AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.

The authentication issue was addressed with improved state management, Apple said.

The iPhone maker has fixed the flaw in a firmware update, which takes place when you charge your AirPods and they’re in Bluetooth range of your iPhone, iPad or Mac that’s connected to Wi-Fi, so you don’t need to manually update. If you are concerned, you can also use your iPhone, iPad or Mac to check that your AirPods have the latest version.

ForbesApple’s ‘Privacy-Focused AI’ Gets Seal Of Approval From Investors

AirPods Eavesdropping Bug—What’s The Risk?

It sounds like a scary security vulnerability—at least on paper—but experts say the risk from the AirPods flaw is actually quite small. “You need to know the device to spoof and be able to spoof it, as well as being in physical range of only a few meters,” says Sean Wright, head of application security at Featurespace.

“Then once you’ve managed to successfully compromise the device, you’ll likely only get access to audio,” Wright points out.

Wright says he’d be far more worried about people eavesdropping on his conversation in real life than via the AirPods flaw. “They would need to spoof your phone, so your headphones would then connect to theirs. But if your headphones are already connected to your phone, it’s unlikely it would connect to their device spoofed as yours.”

The Apple AirPods flaw is interesting, from a security research perspective. However, the chance of it being exploited and the amount of damage it could do are quite small, so you shouldn’t be too worried about it.

Continue Reading