Wireless earplug apps are vulnerable to hacks

“An app may be able to record audio using a pair of connected AirPods,” Apple acknowledged on its support page while releasing the fixes to the issue

November 15, 2022 03:09 pm | Updated 03:09 pm IST

Image used for representation purpose

Image used for representation purpose | Photo Credit: KSL

Apps that let users connect their smartphones or laptops to wireless earplugs can record conversations, and are vulnerable to hacks.

(For insights on emerging themes at the intersection of technology, business and policy, subscribe to our tech newsletter Today’s Cache.)

They “can record conversations,” Shubho Pramanik, SVP at Applied Cloud Computing told The Hindu. Through a process called bluebugging, a hacker can make and listen to calls, read and send messages, and modify or steal your contacts, he explained.

Users must give these apps sensitive permissions like microphone access only if it is required. Apps linked to these commonly called true wireless stereo (TWS) earplugs can listen to what you say even if you have not given them permissions while installing and connecting to the devices, he added.

Mr. Pramanik also stated that smartphones are more vulnerable to this type of hacking as most users leave their Bluetooth on in public places. Even the most secure smartphones like iPhones are vulnerable to these attacks.

“Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets,” Guilherme Rambo, an app developer, wrote in his blog last month.

This can happen even without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone, he added.

He reported this to Apple. The iPhone maker fixed the vulnerability through iOS 16.1 and iPadOS 16 updates.

“An app may be able to record audio using a pair of connected AirPods,” Apple acknowledged on its support page while releasing the fixes to the issue.

Turning off Bluetooth and disconnecting paired Bluetooth devices when not in use, updating the device’s system software to the latest version, limiting use of public Wi-Fi, and using VPN as an additional security measure are some ways to enhance the security of TWS devices, said Mr. Pramanik.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.