Comment by bethekidyouwant
1 month ago
This is just a chip with debug mode left on and does not allow anyone to hijack audio stream or anything interesting. (Just in case anyone’s checking the comments because they don’t want to watch a long ass video and they notice all the comments are essentially off topic)
Sounds like you should have actually watched the “long ass video”.
It allows the pairing key to be exfiltrated from the compromised device and an external, attacker controlled device to perform any function the original device could. This includes retrieving the paired devices phone number, answering phone calls, and receiving the audio. They live demo hijacking a whatsapp account using this.
Neat. It appears my headphones have to be in pairing mode. Which is a very short window, at which point the attacker can impersonate your device. this allows him to answer phone calls for you or make phone calls, but you would notice right away. It’s not like cloning the audio and eves dropping. so yeah it’s a nothing burger.
Some devices are/were only vulnerable during the initial pairing but a key point from this talk was that most of these devices were vulnerable during normal use.
The RACE protocol could be accessed even if the device isn’t in pairing mode. Then once you have a target device’s key you can carry out the attack at anytime, when they’d be unlikely to notice.
2 replies →