Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Additionally, ensure that the device is not already connected, or alternatively, that it supports multiple connections. #14

Closed
HamzaSn opened this issue Apr 7, 2024 · 1 comment
Closed

Additionally, ensure that the device is not already connected, or alternatively, that it supports multiple connections. #14

HamzaSn opened this issue Apr 7, 2024 · 1 comment

Comments

@HamzaSn
Copy link

HamzaSn commented Apr 7, 2024

What devices are affected with this issue ?

If a device is paired it's not vulnerable, and this attack is useless.
Because if it's not connected and you connect to some earbuds , well it's normal that you can record and play sound out of it
"or alternatively, that it supports multiple connections." is there any ?
@jesusgomezmoreno
Copy link
Collaborator

The problem is that some earbuds don't notify the legitimate user when they're being paired with some other device, and this could cause an attacker to use the earbuds (and their microphone) without the knowledge of the user.

This is a PoC on how a vulnerable paring process could be exploited. It's part of a demonstration on how a failure to implement appropriate security in Bluetooth could impact the use of a device. You can find out more about this topic on our website: https://www.tarlogic.com/bsam/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@HamzaSn @jesusgomezmoreno