{"id":43962,"date":"2024-07-04T16:07:37","date_gmt":"2024-07-04T20:07:37","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=43962"},"modified":"2024-07-04T16:07:37","modified_gmt":"2024-07-04T20:07:37","slug":"airpods-fast-connect-vulnerability","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2024\/07\/04\/airpods-fast-connect-vulnerability\/","title":{"rendered":"AirPods Fast Connect Vulnerability"},"content":{"rendered":"<p><a href=\"https:\/\/blogs.gnome.org\/jdressler\/2024\/06\/26\/do-a-firmware-update-for-your-airpods-now\/\">Jonas Dre&szlig;ler<\/a> (via <a href=\"https:\/\/news.ycombinator.com\/item?id=40832223\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/blogs.gnome.org\/jdressler\/2024\/06\/26\/do-a-firmware-update-for-your-airpods-now\/\">\n<p>There&rsquo;s a <a href=\"https:\/\/support.apple.com\/en-us\/HT214111\">security vulnerability<\/a> (CVE-2024-27867) in the firmware of Apple AirPods. Anyone who knows the Bluetooth MAC address (which is somewhat public) can connect to your AirPods and listen to the microphone or play music.<\/p>\n<p>[&#8230;]<\/p>\n<p>Fast Connect is a proprietary and <a href=\"https:\/\/patents.google.com\/patent\/US20190373430A1\/en\">US-patented<\/a> protocol by Apple that creatively uses the &ldquo;ping&rdquo; feature of the Bluetooth specification. Its main purpose seems to be reducing the time it takes to establish a connection between two Apple devices from roughly 1 second down to about 0.5 seconds.<\/p>\n<p>[&#8230;]<\/p>\n<p>Turns out that Apple (most likely) forgot to do some checks in the separate code paths that implement Fast Connect. Some very important ones: The AirPods forget to check the security level of the connection, i.e. &ldquo;did the other side actually authenticate itself and turn on encryption?&rdquo;<\/p>\n<\/blockquote>\n<p>So anyone can connect to your AirPods and use the microphone to record your local environment, as well as engage in <a href=\"https:\/\/news.ycombinator.com\/item?id=40834234\">more creative mischief<\/a>. This is fixed in a <a href=\"https:\/\/support.apple.com\/en-us\/106340\">firmware update<\/a>, but if your AirPods only connect to non-Apple devices you would need to go to an Apple Store to update the firmware.<\/p>","protected":false},"excerpt":{"rendered":"<p>Jonas Dre&szlig;ler (via Hacker News): There&rsquo;s a security vulnerability (CVE-2024-27867) in the firmware of Apple AirPods. Anyone who knows the Bluetooth MAC address (which is somewhat public) can connect to your AirPods and listen to the microphone or play music. [&#8230;] Fast Connect is a proprietary and US-patented protocol by Apple that creatively uses the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2024-07-04T20:07:40Z","apple_news_api_id":"f32c7159-b37a-4998-b572-fc7cf94a5254","apple_news_api_modified_at":"2024-07-04T20:07:40Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/A8yxxWbN6SZi1cvx8-UpSVA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[1422,248,422,2095,31,2321,30,2385,1211,355],"class_list":["post-43962","post","type-post","status-publish","format-standard","hentry","category-technology","tag-airpods","tag-android","tag-bluetooth","tag-exploit","tag-ios","tag-ios-17","tag-mac","tag-macos-14-sonoma","tag-microphone","tag-privacy"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/43962","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=43962"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/43962\/revisions"}],"predecessor-version":[{"id":43963,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/43962\/revisions\/43963"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=43962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=43962"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=43962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}