Obviously any vulnerability is bad, but I'm trying to understand just how bad this one is. What "scary" things could an attacker do?
It doesn't sound like they could listen in on a phone call you're having without your knowledge, or even an audio stream, since it breaks the original connection, right? So is the worst they could do is come within a pretty short distance of you, scan for your mac address, and the auto-connect and play some noise into your ears? Or is there more?
I suppose you could do something like take over the airpods of a high-level celebrity or politician while they're on a video call, that could be bad (but caught instantly). Anything worse?
A lot of people wear airpods around even if they're not actively using them, right? So if that's the case, you could use the microphone to eavesdrop on an in-person conversation. Although since it has to be within Bluetooth range, might be easier to just eavesdrop normally.
Do they?
Yes they do, and they look as ridiculous as you think
How would you as an observer tell if somebody is using their AirPods to listen to music or whether they're just in their ears for noise cancellation and thus "look ridiculous"?
that's the point: i can't tell and that is uneasing
I don't understand why yet. Why is it important to you to know whether someone is listening to music or not? Why do you need to be able to tell at all?
It indicates whether you would be interrupting if you tried to talk to them.
Yes. They’re easy to just leave in your ears and go about your day
Especially with the loud noise suppression.
For me it’s the opposite. They have a “transparency” feature that works lets through ambient noise.
I often wear one set to transparency when I’m alone and have a podcast going or something. Ideal for something like a grocery store but still leaves me with full awareness. They also detect if I start speaking and automatically pause whatever is playing.
Loud noise suppression works with transparency mode. You might be thinking of the similarly named noise cancellation mode which works opposite to transparency.
Loud noise suppression does a temporary switchover when a loud noise happens to try and protect your hearing.
Depends on what is meant by "not actively using them".
I use mine in noise-cancelling mode all the time, without music/podcasts/anything. But the noise-cancelling is definitely active.
Always when I'm in the subway, along busy streets full of honking and emergency vehicles, and so forth.
Makes urban life much more tolerable.
This is a weird behavior and it seems people, these days, consider this normal! I usually stop talking if someone wears a headphone and give them the opportunity to finish listening to whatever they are listening to. How do one talk to someone whose ears are blocked by plugged-in headphones (even if they are passive, which I won't know).
I believe it is a courtesy to remove one's headphone when talking to another person.
Same. If I see someone has earphone/airpods in I don't speak to them. I'll indicate with gestures "take your earphones out" if they are trying to talk to me.
Why would you do that if they are actively talking to you? You know some people use them to hear better, right?
some do, most don't.
wearing headphones gives way to the assumption that the person is listening to something other than their surroundings; their talking is probably directed at someone on the phone.
hearing aids can be used as headphones as well, but generally aren't.
I was careful to not bother a friend's father at a gathering because he seemed to be listening to something on his AirPods. Only after did my friend let me know he uses them in hearing aid mode (didn't know that was a thing!) to hear better. (Father won't admit he needs hearing aids, but is happy to use AirPods to assist. )
Personally, I can't filter out background noise properly.
This means I can understand a conversation _much_ more clearly if I'm wearing active noise cancelling headphones. Yes, it makes _you_ quieter, but it also means I'm not trying to pick out your speech from complicated background noises.
Social norms change over time; expecting someone to remove headphones will become less of a thing in day to day life.
AirPods Pro 2nd generation supports the Conversation Awareness feature that lowers the volume of what the person is listening to and raises the volume of the person speaking automatically when it's enabled.
Apple is expected to be approved by the FDA for some uses as a hearing aid [1] and they have patents for adding medical monitoring in future AirPods [2].
So when we're talking to someone wearing AirPods as times goes on, we won't know if they actually need the AirPods to assist them in being able to function in the world.
[1]: https://arstechnica.com/gadgets/2024/03/apples-airpods-pro-c...
[2]: https://applemagazine.com/apple-patents-suggest-future-airpo...
Worst case, someone could create a device they drop in your bag that records everything from your headphones. Maybe even in the shape of a USB drive or something. I believe the "fast connect" protocol allows you to be "connected" to more than one device at a time, so you likely wouldn't even notice. Another attack would be to set "coffee coasters" around an office as a janitor, that snagged audio from any nearby pods.
Essentially, you basically have the hard part done for any bugs, you just need to build a device with a little battery, a BT transmitter, and storage; then you've got high quality audio near where anyone is speaking.
They could also just drop a device with a microphone in your bag and listen to both sides of every conversation. Involving bluetooth seems like an extra complication.
Microphones in a bag don’t have great pickup and are obvious once found. Something electronic? Everyone has that laying around.
Obvious ones are that an attacker could play a damagingly loud noise, could eavesdrop on your in-person environment if you're wearing the AirPods without using them, as many do, or could masquerade as a caller without actually using a call service or leaving call records.
It also provides a straightforward avenue for further chains of exploit, if some were known to the attacker, since taking over the bluetooth connection represents a pretty wide channel of opportunity.
Realistically the worst thing is just being annoying. If it was left unpatched, someone would make an airpod jammer app for the flipper zero and cause annoyance in public places killing the audio on everyones airpods.