Bluetooth Headphone Jacking: A Key to Your Phone
Dennis Heinze, Frieder Steinmetz
39th Chaos Communication Congress (39C3): Power Cycles · Day 1 · Saal One
In this compelling talk, "Bluetooth Headphone Jacking: A Key to Your Phone," Dennis Heinze and Frieder Steinmetz from ERW, a German security company, unveil a critical vulnerability ecosystem affecting a vast array of Bluetooth audio devices. Their research, initially focused on the theoretical aspects of Bluetooth's Oracast feature, pivoted to practical implementation analysis, leading to the discovery of a widespread security flaw in Bluetooth System-on-Chips (SOCs) from a Taiwanese vendor, Aroa. This presentation details how unauthenticated access to a proprietary protocol on these devices can compromise user privacy, enable eavesdropping, and even facilitate account hijacking on connected smartphones.