HH.security #19


Moin wonderful people,
while the npm world (and therefore us) is doing the funky worm, we are planning the next meetup and would like to invite you to listen to these great talk(s) with a great view:
"Headphone Jacking: Hacking Bluetooth Headphones" by Dennis Heinze
Bluetooth headphones are everywhere, and we were wondering what we could do with them if we hack them. Sure, we can probably do things like finding out what the person is listening to. But what else? During our research we discovered vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in popular Bluetooth audio chips developed by Airoha that are used by many popular device manufacturers in a large number of Bluetooth headphones and earbuds.
These vulnerabilities may cause a complete device compromise. We demonstrated the immediate impact using a pair of current-generation headphones. We also demonstrated how a compromised Bluetooth peripheral can be abused to attack paired devices due to their trust relationship with the peripheral.
This presentation will give an overview of the discovery of the vulnerabilities, a demonstration and discussion of their impact, and a peek into the difficulties of disclosure, patching, and updating. We will also have a fun live demo!
"Second talk"
And we'll have another one, but don't have details yet.
