#infosec is profession and sometimes passion but certainly not identity - driven by curiosity, guided by kindness || #antifa #climateaction || 🏠 Berlin
Pronouns: he/him [er/ihm]
I will be speaking about Bluetooth hacking in Norway today with @ttdennis
Trying to hold back on the King Harald Bluetooth jokes proves to be challenging.
@twillnix and here are the slides for anyone that wants to have a slightly non-yellow experience: https://github.com/auracast-research/race-toolkit/blob/main/assets/39c3_headphone_jacking.pdf
The recording of the talk @ttdennis and I gave at #39c3 yesterday is already online: https://media.ccc.de/v/39c3-bluetooth-headphone-jacking-a-key-to-your-phone
Join me and @willnix tomorrow at #39c3 talking about Bluetooth headphone hacking and what consequences that might have. We will finally be able to disclose all technical details. We also have a few very cool live demos prepared to demonstrate the issue. Very excited to do the talk and to be back at CCC!

https://fahrplan.events.ccc.de/congress/2025/fahrplan/event/bluetooth-headphone-jacking-a-key-to-your-phone

[39c3] Bluetooth Headphone Jacking: A Key to Your Phone

[Airoha](https://www.airoha.com/) is a vendor that, amongst other things, builds Bluetooth SoCs and offers reference designs and implementations incorporating these chips. They have become a large supplier in the Bluetooth audio space, especially ...

Your `pip` unwrapped 🎇

- you tried to install `requirements.txt` 18 times this year. Doing better than last year!
- of the packages you installed 67% started with py, 11% python, and 6% Py. You guessed wrong 85 times.
- your love for building source has no bounds, except maybe the 92 failed compiles
- you updated `requests` 18 times. Urllib is feeling lonely.
- the average time between updating `pip` was 97 days. But we warned you 338 times!

Oh, and do me a favor and don't send around archive links to my text, but use this gift link instead: https://www.zeit.de/digital/datenschutz/2025-06/sicherheitsluecke-software-bluetooth-kopfhoerer-spionage-daten?freebie=9ae5139c
Security vulnerability: Millions of headphones can be eavesdropped on

The vulnerability lies with an unknown chip manufacturer. Attackers can listen in and take over smartphones. Models from Sony, Bose and JBL are also affected.

DIE ZEIT
Current investigation: There is a massive security vulnerability in Bluetooth headphones. It allows conversations to be eavesdropped on and - this I found particularly interesting - AI agents to be abused to send messages, read out the address book or similar (everything that Siri & Co. can and are allowed to do)
Flagship models from Sony, JBL, Bose & Co. are also affected. Caution, the vulnerability currently exists!
(free link at the end of the 🧵 for followers)
https://www.zeit.de/digital/datenschutz/2025-06/sicherheitsluecke-software-bluetooth-kopfhoerer-spionage-daten
#cybersecurity
More technical details will follow soon. Especially details on how to check whether your device is affected.

We hope that vendors quickly release updates with the fixes that were provided by Airoha.

Yesterday at #Troopers25, @twillnix and I published some of our research on Bluetooth headphones and earbuds. We found that there is a large number of Airoha-based headphones that can be fully compromised via Bluetooth.

https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/

Security Advisory: Airoha-based Bluetooth Headphones and Earbuds – Insinuator.net

New post: Security Advisory: Airoha-based Bluetooth Headphones and Earbuds https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/