Vulnerability discovered in AirPods that allows easy access from outside, Apple has already distributed firmware update



A vulnerability has been discovered in Apple's wireless earphones, AirPods, that could allow a remote connection by anyone who knows the device's Bluetooth MAC address. Apple has already released a firmware update to fix the vulnerability, and it is recommended that users update as soon as possible.

Do a firmware update for your AirPods – now – Jonas' Blog
https://blogs.gnome.org/jdressler/2024/06/26/do-a-firmware-update-for-your-airpods-now/



The problem with AirPods was discovered by software engineer Jonas. Jonas, who bought the third-generation AirPods in 2024, said he was impressed by how the AirPods magically worked with his iPhone and Mac. Jonas uses Linux for work. When he booted Linux on his Mac, the AirPods worked with the Mac without any problems, but they could no longer connect to his iPhone, which had been connected until just a moment earlier.

Jonas was intrigued by the fact that even though he could connect wirelessly to his iPhone without any problems when using macOS, he couldn't connect when he switched to Linux. He wondered what proprietary protocol Apple was using with AirPods, so he decided to look into it.

As a result of his research, Jonas discovered a vulnerability in a feature called 'Fast Connect' for connecting Bluetooth devices provided by Apple. Jonas points out that Fast Connect is Apple's own patented protocol that makes creative use of the Bluetooth 'ping' function. The main purpose of Fast Connect is to reduce the time it takes to establish a connection between two Apple devices from about 1 second to about 0.5 seconds.



The basic mechanism of Fast Connect is that, before authenticating with the connecting device (AirPods), both devices exchange L2CAP ping messages, and Apple includes a protocol message in the payload of the ping. This allows both devices to verify that they are using the Fast Connect protocol without violating the Bluetooth specification. They then exchange three messages that carry all the information necessary to fully connect the two devices.

However, Jonas discovered several bugs in the code that implements Fast Connect, the key problem being that AirPods forget to check the security level of the connection, that is, whether the other party has actually authenticated and turned on encryption.

Authentication and encryption enablement are steps that should occur after the initial Fast Connect message. iOS and macOS execute this step perfectly, but if an attacker tries to skip this step when connecting, AirPods will continue with Fast Connect as it is. When connecting AirPods without Fast Connect (i.e., when connecting to a device other than Apple's product via Bluetooth), this authentication step is somewhat implicit, so Jonas said that this is probably why Apple forgot to add an explicit check step to the Fast Connect code.
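The missing check described above, as an added example that is not from Jonas' post or Apple's firmware: a simplified C model of the accessory side, showing the message handler with and without an explicit security-level check. Every name, the states and the collapsed two-message flow are assumptions made for illustration.

```c
#include <stdbool.h>

/* Hypothetical model, not Apple's firmware: all names and states are assumed. */
enum fc_state { FC_IDLE, FC_STARTED, FC_CONNECTED, FC_REJECTED };

struct link {
    bool authenticated;   /* peer has authenticated on this link */
    bool encrypted;       /* link-level encryption is turned on */
    enum fc_state state;
};

/* Accessory-side handler for a Fast Connect message carried in an L2CAP ping.
 * With enforce_security == false it models the flaw: the follow-up message
 * is accepted whatever the security level of the link is. */
static enum fc_state fc_on_message(struct link *l, bool enforce_security)
{
    switch (l->state) {
    case FC_IDLE:
        /* The initial message arrives before authentication by design. */
        l->state = FC_STARTED;
        break;
    case FC_STARTED:
        /* By now the peer should have authenticated and enabled encryption. */
        if (enforce_security && !(l->authenticated && l->encrypted)) {
            l->state = FC_REJECTED;   /* refuse instead of continuing */
            break;
        }
        l->state = FC_CONNECTED;
        break;
    default:
        break;                        /* terminal states ignore further input */
    }
    return l->state;
}

/* Run the exchange for a peer that did, or did not, secure the link. */
static enum fc_state fc_run(bool peer_secures_link, bool enforce_security)
{
    struct link l = { false, false, FC_IDLE };
    fc_on_message(&l, enforce_security);          /* initial message */
    if (peer_secures_link)
        l.authenticated = l.encrypted = true;     /* the step iOS and macOS perform */
    return fc_on_message(&l, enforce_security);   /* follow-up message */
}

int main(void)
{
    /* Exit status 0 when the hardened handler rejects an unsecured peer. */
    return fc_run(false, true) == FC_REJECTED ? 0 : 1;
}
```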

This vulnerability allows anyone to access your AirPods if they know their Bluetooth MAC address, which is not strictly private, but can be easily obtained when the device is in pairing mode or by using hardware such as the Ubertooth One.



Once an attacker has connected to the AirPods, they can do anything the AirPods can do: eavesdrop on the microphone input, listen to the music being played, see what music is playing on other devices connected to the AirPods, and do anything the AAP protocol allows (such as changing settings or sending malformed messages to crash the AirPods).

Apple has released a firmware update to fix this vulnerability, so Jonas wrote, 'AirPods users should make sure their firmware is up to date.'

To update the AirPods firmware, the AirPods must be charging and within Bluetooth range of an iPhone, iPad, or Mac connected to Wi-Fi, but the firmware update itself is automatic. You can check the firmware version of your AirPods by tapping the 'i' button next to AirPods on the 'Bluetooth' screen in Settings.

About AirPods firmware updates - Apple Support (Japan)
https://support.apple.com/ja-jp/106340

Please note that AirPods are designed to only be updated when used with an iPhone or Mac, so users who use AirPods with Android devices may not have a way to update the firmware, but they can go to an Apple Store to have the AirPods firmware updated.

in Mobile,   Software,   Hardware, Posted by logu_ii