Apps that let users connect their smartphones or laptops to wireless earplugs can record conversations, and are vulnerable to hacks.
(For insights on emerging themes at the intersection of technology, business and policy, subscribe to our tech newsletter Today’s Cache.)
They “can record conversations,” Shubho Pramanik, SVP at Applied Cloud Computing told The Hindu. Through a process called bluebugging, a hacker can make and listen to calls, read and send messages, and modify or steal your contacts, he explained.
Users must give these apps sensitive permissions like microphone access only if it is required. Apps linked to these commonly called true wireless stereo (TWS) earplugs can listen to what you say even if you have not given them permissions while installing and connecting to the devices, he added.
Mr. Pramanik also stated that smartphones are more vulnerable to this type of hacking as most users leave their Bluetooth on in public places. Even the most secure smartphones like iPhones are vulnerable to these attacks.
“Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets,” Guilherme Rambo, an app developer, wrote in his blog last month.
This can happen even without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone, he added.
He reported this to Apple. The iPhone maker fixed the vulnerability through iOS 16.1 and iPadOS 16 updates.
“An app may be able to record audio using a pair of connected AirPods,” Apple acknowledged on its support page while releasing the fixes to the issue.
Turning off Bluetooth and disconnecting paired Bluetooth devices when not in use, updating the device’s system software to the latest version, limiting use of public Wi-Fi, and using VPN as an additional security measure are some ways to enhance the security of TWS devices, said Mr. Pramanik.
