Comment by zaptheimpaler
2 months ago
I couldn't find anything from Sony confirming that these specific vulnerabilities had been patched, so i tried to reproduce the steps from the whitepaper using nRF Connect [1] with my Sony WH-1000XM4 on the latest firmware version.
There was no response to the Get Build Version command, and the Read Flash command returned an error. So tentatively (with false negatives possible), it seems to have been patched on Sony devices. I don't have a linux box with bluetooth handy ATM so I didn't try using the race-toolkit directly.
[1] https://static.ernw.de/whitepaper/ERNW_White_Paper_74_1.0.pd...
WH-1000XM4 isn't on the list of affected devices though, does it have the same chip?
Yes it is, page 29 of that PDF lists it:
- Sony WH-1000XM4
Thank you. My bad.