HH.security #19
Details
Moin wonderful people,
While the npm world (and therefore us) is doing the funky worm, we are planning the next meetup and would like to invite you to listen to these great talks with a great view:
- Headphone Jacking: Hacking Bluetooth Headphones
- Vibecoding and Security: A Workshop and its Results
"Headphone Jacking: Hacking Bluetooth Headphones" by Dennis Heinze
Bluetooth headphones are everywhere, and we were wondering what we could do with them if we hack them. Sure, we can probably do things like finding out what the person is listening to. But what else? During our research we discovered vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in popular Bluetooth audio chips developed by Airoha that are used by many popular device manufacturers in a large number of Bluetooth headphones and earbuds.
These vulnerabilities may cause a complete device compromise. We demonstrated the immediate impact using a pair of current-generation headphones. We also demonstrated how a compromised Bluetooth peripheral can be abused to attack paired devices due to their trust relationship with the peripheral.
This presentation will give an overview of the discovery of the vulnerabilities, a demonstration and discussion of their impact, and a peek into the difficulties of disclosure, patching, and updating. We will also have a fun live demo!
"Vibecoding and Security: A Workshop and its Results" by Jan Girlich (iteratec)
Vibecoding refers to a style of software development where you prompt an LLM to write the code and follow where it leads you.
During our company's summer event we invited about 40 people to find out how well vibecoding works for us. Halfway into the workshop, we stopped coding and had a look at the security of the software we built.
This talk will present what we learned from that experiment.