Comment by zaptheimpaler

2 months ago

I couldn't find anything from Sony confirming that these specific vulnerabilities had been patched, so I tried to reproduce the steps from the whitepaper using nRF Connect [1] with my Sony WH-1000XM4 on the latest firmware version.

There was no response to the Get Build Version command, and the Read Flash command returned an error. So tentatively (with false negatives possible), it seems to have been patched on Sony devices. I don't have a Linux box with Bluetooth handy ATM so I didn't try using the race-toolkit directly.

[1] https://static.ernw.de/whitepaper/ERNW_White_Paper_74_1.0.pd...