Curated Content | Thought Leadership | Technology News

Eavesdropping No More: New Firmware Shields Your AirPods from Hackers

Is somebody there?
Ryan Uliss
Contributing Writer
Neiman Marcus Store Exterior and Logo

On June 25th, Apple released a crucial firmware update for various AirPods and Beats models, addressing a significant security vulnerability. The flaw potentially allowed malicious actors within Bluetooth range to gain unauthorized access to the headphones. This could enable eavesdropping on private conversations, posing severe privacy risks.

Hackers could exploit this vulnerability by spoofing the intended source device during a connection request. When headphones seek to reconnect to a previously paired device, a nearby attacker could intercept the request and pose as the legitimate device. This unauthorized access could then allow the hacker to listen in on conversations, access audio streams, or manipulate the device settings without the user’s knowledge.

The vulnerability affected multiple models, including AirPods (2nd generation and later), AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro. The issue has been resolved through improved state management in the latest firmware updates: AirPods Firmware Update 6A326 and 6F8, and Beats Firmware Update 6F8.

Why it matters: The increased use of Bluetooth-enabled devices has heightened the risk of cyberattacks and data breaches. The recent vulnerability discovered in Apple’s AirPods and Beats headphones exemplifies this threat, potentially allowing nearby attackers to gain unauthorized access and eavesdrop on private conversations. As these devices become more common in both personal and professional settings, stringent security measures are essential to protect user privacy and maintain trust in the manufacturers that produce them.

  • Vulnerability Details: The authentication issue, CVE-2024-27867, allowed attackers in Bluetooth range to spoof a device and gain access to AirPods and Beats headphones. Hackers could exploit the flaw by intercepting a connection request between headphones and a previously paired device, spoofing the intended source device to gain unauthorized access.
  • Additional Security Updates: This incident comes roughly two weeks after another recent security issue at Apple, where a visionOS update patched 21 vulnerabilities for the Apple Vision Pro, including a significant WebKit denial-of-service flaw and a permission-bypassing ARKit issue. The updates underscore Apple’s prioritization and commitment to security.
  • Firmware Update Process: Users can check their firmware version by navigating to the Bluetooth menu in the Settings app on their iPhone. The update occurs automatically when the headphones are charging and within Bluetooth range of a connected device.

Go Deeper ->Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping – The Hacker News

Apple Confirms What’s New with Latest AirPods Software Update – 9 To 5 Mac

You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

30 CIOs - Nov 2023 Round Up
The IRS, U.S. Navy, Frontier Airlines, and more.

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.