Eavesdropping on AirPods?


It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

Freedom of the Press Foundation (CC BY 4.0)

In the news

Apple released a firmware update patching a critical Bluetooth vulnerability in AirPods, AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro. According to its support page, an adversary in Bluetooth range could spoof the intended source device for these wireless headphones. When the targeted headphones send a connection request to the spoofed device, the adversary could eavesdrop on confidential conversations. Read more here.

What you can do

As long as your wireless headphones are charged and in Bluetooth range of your Apple device, there is no need to manually apply firmware updates. There has not been a documented case of a threat actor utilizing Bluetooth vulnerabilities to target journalists. However, there are general precautions you should take for all Bluetooth devices:

  • Be wary of sending Bluetooth connection requests in public spaces. Make sure to confirm that the device you are connecting to belongs to you.
  • If you don’t need Bluetooth, consider disabling it from your Settings app.
  • Finally, if this is still a concern for you, you can always use regular old wired headphones or earbuds. Keep in mind that such attacks are unlikely to occur for most individuals.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,

Kevin

Kevin Pham

Digital Security Training Intern

Freedom of the Press Foundation
