Vulnerable WhisperPair Devices – Hijack Bluetooth Accessories Using Fast Pair

Previous discussion on ?a similar? vulnerability. That means there is yet another critical vulnerability from the same vendors. Given the reporting date around ~August, I hope this was addressed by Sony and Jabra around the same time.

https://news.ycombinator.com/item?id=46453204

   > Bluetooth Headphone Jacking: A Key to Your Phone [video]
   > 551 points
   > 223 comments
   > 21 days ago

I wonder if some people could find more affected versions or whether there is some tool to detect more models, as I would doubt this is nearly complete given how many vendors rely on this supplier.

2 hours ago miduil

I have the impression this is not the same. In the linked video, they talked about unauthenticated functions in BLE if I recall correctly…

2 hours ago elnerd

Yes, sorry, just updated my comment shortly before you replied.

This is CVE-2025-36911; the other ones were CVE-2025-20700, CVE-2025-20701, CVE-2025-20702. Coincidentally, a similar set of headphones is affected.

This one also has a pairing vulnerability, but I assume Fast Pair is on the BLE level:

> To start the Fast Pair procedure, a Seeker (a phone) sends a message to the Provider (an accessory) indicating that it wants to pair.

> [...] allowing unauthorised devices to start the pairing process [...]

It's a pity that this is only awarded $15k; this is a really bad vulnerability - which clearly required thoughtful investigation, publishing, reporting, ... and would have a much bigger audience in the exploit market.

2 hours ago miduil