_______ __ _______
| | |.---.-..----.| |--..-----..----. | | |.-----..--.--.--..-----.
| || _ || __|| < | -__|| _| | || -__|| | | ||__ --|
|___|___||___._||____||__|__||_____||__| |__|____||_____||________||_____|
on Gopher (inofficial)
HTML Visit Hacker News on the Web
COMMENT PAGE FOR:
HTML Bluetooth Headphone Jacking: A Key to Your Phone [video]
krick wrote 11 hours 2 min ago:
Ok, so TL;DR: there's nothing that can be done about it? Just hoping
that nobody (like not a single random person, eh) around me knows about
that?
jogu wrote 1 hour 36 min ago:
It can be fixed if the manufacturer releases a firmware update for
the affected devices.
karlzt wrote 11 hours 24 min ago:
IMO anything related to Bluetooth should be destroyed.
HTML [1]: https://www.bleepingcomputer.com/news/security/undocumented-co...
epakai wrote 13 hours 37 min ago:
Razer isn't mentioned, but I know they're using Airoha AB1571DN in
Blackshark V3 Pro transmitter. Not sure what is on the headset end.
Don't see any mentions on their last firmware update, and I can't find
older ones.
jogu wrote 1 hour 46 min ago:
Important to note that usage of an Airoha chip doesnât imply being
vulnerable, so each device has to be checked individually.
Itâs possible they werenât vulnerable to begin with, itâs also
possible they silently patched it.
cloudfudge wrote 16 hours 6 min ago:
I didn't see a summary in here so based on my reading:
* Certain headset devices from varying vendors have crappy BT
security over both bluetooth classic and BLE
* They implement a custom protocol called RACE which can do certain
things with no authentication at all
* One of the things RACE lets you do is read arbitrary memory and
exfiltrate keys needed to impersonate the vulnerable device with your
already-paired phone
* Once you're impersonating the vulnerable device you can do all
sorts of things on the paired phone like place/accept calls, listen on
the microphone, etc.
This is pretty bad and you can easily see this being used to bypass
other layers of auth like SMS verification or "have a robot call me and
read me a code." It also makes me wonder if a spoofed device could
appear as a HID device (e.g. a keyboard), but it's unclear whether the
link key compromise works for new device classes.
So the way to mitigate this is to be certain you don't have one of the
vulnerable peripherals or to disable BT. Note that the list of device
models sounds *far* from complete because it's a chipset issue. Which
makes me wonder if there are cars out there using this chipset and
exposing the same vulns. I'd be very interested if anyone has a source
on whether any cars use these chipsets.
zaptheimpaler wrote 16 hours 8 min ago:
I couldn't find anything from Sony confirming that these specific
vulnerabilities had been patched, so i tried to reproduce the steps
from the whitepaper using nRF Connect [1] with my Sony WH-1000XM4 on
the latest firmware version.
There was no response to the Get Build Version command, and the Read
Flash command returned an error. So tentatively (with false negatives
possible), it seems to have been patched on Sony devices. I don't have
a linux box with bluetooth handy ATM so I didn't try using the
race-toolkit directly.
HTML [1]: https://static.ernw.de/whitepaper/ERNW_White_Paper_74_1.0.pdf
krick wrote 10 hours 58 min ago:
WH-1000XM4 isn't on the list of affected devices though, does it have
the same chip?
cetra3 wrote 10 hours 48 min ago:
Yes it is, page 29 of that PDF lists it:
- Sony WH-1000XM4
krick wrote 10 hours 35 min ago:
Thank you. My bad.
explodes wrote 20 hours 56 min ago:
For other mobile users: [1] [2]
HTML [1]: https://www.cvefind.com/en/cve/CVE-2025-20700.html
HTML [2]: https://www.cvefind.com/en/cve/CVE-2025-20701.html
HTML [3]: https://www.cvefind.com/en/cve/CVE-2025-20702.html
unsettledturtle wrote 21 hours 0 min ago:
checking my understanding: this vuln is in the firmware for specific
airoha chipsets; e.g. if a bluetooth device is listed as using a
qualcomm chipset then it's unaffected by this specific vuln?
... though I wouldn't be surprised if we see a burst of similar
disclosures for other manufacturers in the next year or so
sva_ wrote 21 hours 31 min ago:
I previously posted the repo here:
HTML [1]: https://news.ycombinator.com/item?id=46406310
jader201 wrote 21 hours 20 min ago:
Why not just link to the repo directly? That post only has one
comment.
Hereâs the repo (to save everyone a click):
HTML [1]: https://github.com/auracast-research/race-toolkit
sva_ wrote 6 hours 18 min ago:
It is somewhat of a custom that the person who posts about a thing
first gets the Karma, but it is seldom respected, and I won't beg
for it. But I do sometimes hint at it.
jbverschoor wrote 21 hours 33 min ago:
What about B bluetooth keyboards and touchid
amelius wrote 21 hours 33 min ago:
> We also demonstrate how a compromised Bluetooth peripheral can be
abused to attack paired devices, like smartphones, due to their trust
relationship with the peripheral.
Can't watch the video now. But I wonder to what extent they can take
over a smartphone? Can they make a headphone look like a
keyboard/mouse, for example?
Second question: can the whole problem be remedied by installing a
firmware update?
bethekidyouwant wrote 21 hours 59 min ago:
This is just a chip with debug mode left on and does not allow anyone
to hijack audio stream or anything interesting. (Just in case
anyoneâs checking the comments because they donât want to watch a
long ass video and they notice all the comments are essentially off
topic)
jogu wrote 1 hour 40 min ago:
Sounds like you should have actually watched the âlong ass
videoâ.
It allows the pairing key to be exfiltrated from the compromised
device and an external, attacker controlled device to perform any
function the original device could. This includes retrieving the
paired devices phone number, answering phone calls, and receiving the
audio. They live demo hijacking a whatsapp account using this.
brohee wrote 22 hours 28 min ago:
You'd think Sony would have learned from the PSN debacle, but alas...
Now I need to setup to check if my headphones are still vulnerable...
peterpost2 wrote 22 hours 41 min ago:
Shame on Airoha. Terrible security pracices.
Alifatisk wrote 22 hours 58 min ago:
A bit irritating to see people ruining the demo by calling the phone
number
wojciii wrote 23 hours 19 min ago:
This is probably going to make some state actors unhappy.
amelius wrote 21 hours 5 min ago:
Probably a combination of happy and unhappy, depending on which state
actor, and who knew about the exploit.
smallstepforman wrote 23 hours 28 min ago:
Most audiophiles ignore bluetooth headphones due to sound quality +
latency, so we (audiophiles) stick to wired at home and we also have
dedicated headphone amps since the pissy sound card D/A convertors are
incredibly bad. Bluetooth only when Iâm doing yard work. Sadly,
modern music is tuned to crappy headphones, crappy car systems, crappy
speakers ⦠I miss the 80âs audiophile obsession, the equipment had
heart, and mixing and mastering was generations ahead of current
(mainstream) music production.
taneliv wrote 2 hours 18 min ago:
From a security point of view music listening is quite marginal, I
think. The vulnerable headsets make conversations trivial to
eavesdrop.
Average communication input is in a noisy environment (colleagues,
family, wind, equipment, car), and is compressed both in the dynamic
range and bitrate sense before sending out. The transport medium then
provides latency and packet loss. The fidelity of the audio equipment
on the receiving side plays very little role. I imagine even
audiophiles quite readily use even below mid-range wireless headsets
for conversations, just because they are more convenient.
In other words, I don't take calls on my wired AKG headphones, even
though my phone has a 3.5mm jack. I'm particularly fond of my â¬30
in-ear BT headset that provides good enough input and output even
when I'm biking. I can't be bothered to check if the model is on the
vulnerable devices list, the phone company / Meta / Alphabet / some
governments and so on can surveil my communications anyway. Adding a
random passer-by to the mix does not meaningfully increase the attack
surface. Plus they might get to listen to awesome music, if I'm not
on a call.
astrange wrote 14 hours 54 min ago:
"Sound quality" is a theoretical goal which can't be achieved in
practice unless you listen in a perfectly quiet room. Your audiophile
open-back headphones can't achieve their rated sound quality if eg
there's a CPU fan in the room, or if you're wearing glasses, or if
your head just doesn't fit the headphones the same way as the
tester's dummy head mic did.
bdavbdav wrote 19 hours 10 min ago:
I think many still recognise the train, car, going for a run / cycle,
gym⦠isnât an optimum listening environment and the convenience
significantly outweighs AQ in a lot of situations.
ricardobeat wrote 21 hours 27 min ago:
- Apple has a lossless codec for wireless, ALAC that can do up to
24bit/192khz
- aptX can do 44/16 in other devices, Sony has LDAC at 24/96 too
- latency under <100ms is meaningless for pure audio listening, video
players have latency compensation
We have amazing technology available today, at prices and quality
unimaginable in the 80s. A $50 in-ear from a chinese hi-fi brand can
give you an audio experience you couldnât buy for thousands of
dollars a decade ago. And thereâs more and more analog hardware
being designed and built as technology costs have fallen. Youâre
really missing out if you think things were better back then.
astrange wrote 14 hours 53 min ago:
> - Apple has a lossless codec for wireless, ALAC that can do up to
24bit/192khz
Only Vision Pro has wireless lossless audio and it works because
it's right next to the AirPods.
But your phone can passthrough AAC over Bluetooth as long as it
doesn't have to mix system sounds or anything in.
Rubberducky1324 wrote 22 hours 2 min ago:
I'm really enjoying my Focal Bathys Bluetooth headphones! Sure, wired
options will always be better, but when I want convenience, I've been
really impressed with these!
dmd wrote 23 hours 24 min ago:
What does audio have to do with this post?
petit_robert wrote 22 hours 53 min ago:
GP seems to mean that if people cared about audio quality, they
would not use bluetooth in the first place?
Audiophiles tend to have firm stances on what is acceptable or not,
I find.
K0balt wrote 22 hours 40 min ago:
There are also some amazing cables available in the space.
Especially the digital cables, they are really amazing.
brohee wrote 22 hours 24 min ago:
A friend worked in an audiophile shop during his physics master
and he'd swear the customer base was the most gullible bunch he
ever saw... And mostly unswayable by rational arguments.
In any case someone ought to shear the sheep....
calmworm wrote 20 hours 56 min ago:
I suspect some of that disconnect is because hearing itself
isnât standardized. Differences in frequency perception,
hearing loss, and training can make two people genuinely hear
different things.
bzzzt wrote 17 hours 14 min ago:
Of course people have different hearing, but the audiophile
market is overflowing with snake-oil stuff like 'oxygen
free copper' cables to 'acoustic resonator discs'.
Nobody's proven any of that stuff results in better sound
quality (or even different quality after you graduate from
junk stuff to reasonable equipment). Seems like an awfully
expensive way of experiencing the placebo effect to me.
dmd wrote 15 hours 27 min ago:
I know someone who spent upwards of $10k on a single
3-foot HDMI cable that was 'infused with Peruvian
copper'. He says it makes the colors "more true".
miduil wrote 23 hours 42 min ago:
Glad this submission is finally receiving upvotes.
This was just shown at the 39C3 in Hamburg, few days back.
Common (unpached) Bluetooth headsets using Airoha's SoCs can be
completely taken over by any unauthenticated bystander with a Linux
laptop. (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702)
This includes firmware dumps, user preferences, Bluetooth Classic
session keys, current playing track, ...
> Examples of affected vendors and devices are Sony (e.g., WH1000-XM5,
WH1000-XM6, WF-1000XM5), Marshall (e.g. Major V, Minor IV),
Beyerdynamic (e.g. AMIRON 300), or Jabra (e.g. Elite 8 Active).
Most vendors gave the security researchers either silent treatment or
were slow, even after Airoha published fixes. Jabra was one of the
positive outlier, Sony unfortunately negatively.
What is exciting, even though the flaws are awful, that it is unlikely
for current generation of those Airoha bluetooth headsets to change
away from Aiorha's Bluetooth LE "RACE" protocol. This means there is
great opportunity for Linux users to control their Bluetooth headsets,
which for example is quite nice in an office setting to toggle
"hearthrough" when toggling volume "mute" on your machine.
RACE Reverse Engineered - CLI Tool: [1] I feel like this should receive
state-level attention, the remote audio surveillance of any headset can
be a major threat. I wonder what the policies in countries official
buildings are when it comes to Bluetooth audio devices, considering
that Jabra is a major brand for conference speakers, I'd assume some
actual espionage threats.
HTML [1]: https://github.com/auracast-research/race-toolkit
throw0101a wrote 9 hours 53 min ago:
> WH1000-XM6
These (and others?) actually have a wired option (even provide the
cable) for listening. Sadly the built-in microphone doesn't work in
'wired mode' (though ANC does).
You could get at at "cable boom microphone", e.g.:
* [1] * [2] Maybe the XM7 will have it (along with wired audio
controls) via a CTIA/AHJ TRRS plug:
* [3] or via USB audio.
HTML [1]: https://www.amazon.com/dp/B07W3GGRF2
HTML [2]: https://www.amazon.com/dp/B00BJ17WKK
HTML [3]: https://en.wikipedia.org/wiki/Phone_connector_(audio)#TRRS_s...
CGMthrowaway wrote 12 hours 14 min ago:
Kamala Harris, citing seemingly classified intelligence, famously
raised the alarm on Bluetooth earphones to Stephen Colbert:
âI know I've been teased about this, but I like these kinds of
earpods that have the thing [pointing to the wire] because I served
on the Senate Intelligence Committee. I have been in classified
briefings, and I'm telling you, don't be on the train using your
earpods thinking somebody can't listen to your conversation.â
HTML [1]: https://www.aol.com/kamala-harris-warns-against-wireless-150...
willnix wrote 17 hours 18 min ago:
One of the researchers here.
Many people seem to prefer text to videos, which I sympathize with.
So please excuse me hijacking the top comment with links to our blog
post and white paper:
Blog: [1] Paper:
HTML [1]: https://insinuator.net/2025/12/bluetooth-headphone-jacking-f...
HTML [2]: https://ernw.de/en/publications.html
avidiax wrote 8 hours 32 min ago:
Did you look into whether the spoofed device can also be "upgraded"
to be used as an HID device, like a mouse or keyboard? That upgrade
would be several CVEs against the OS vendors.
That would make the attacks potentially silent, since the attacked
could simulate keypresses to dismiss notifications, or can at least
keep the target unable to respond by spamming home/back or pressing
power and simulating a swipe to shutdown.
j16sdiz wrote 5 hours 9 min ago:
You can't change the device class.
It would be an vulnerability on the host stack to accept that.
wolvoleo wrote 18 hours 24 min ago:
Cool! Can you play audio to them too? That would be a practical
joker's dream lol.
I'm not surprised Jabra acted quickly. They mainly sell too
enterprise which generally care very much about security. Sony is
more a consumer mfg now.
mschuster91 wrote 18 hours 30 min ago:
> This means there is great opportunity for Linux users to control
their Bluetooth headsets, which for example is quite nice in an
office setting to toggle "hearthrough" when toggling volume "mute" on
your machine.
Fun fact: There are at least two applications that reverse engineered
AirPods' communication protocol for custom controls - AndroPods from
2020 [1] and LibrePods from 2024 [2].
But... mainstream Android has a bug open in their Bluetooth stack for
well over a year now that prevents issuing the commands, meaning to
actually use the app you need root rights [3]. [1] [2]
HTML [1]: https://play.google.com/store/apps/details?id=pro.vitalii.an...
HTML [2]: https://github.com/kavishdevar/librepods/tree/main
HTML [3]: https://issuetracker.google.com/issues/371713238
keepamovin wrote 22 hours 5 min ago:
Finally, a coherent explanation of AirPods glitches ;)
mi_lk wrote 22 hours 19 min ago:
> This includes firmware dumps, user preferences, Bluetooth Classic
session keys, current playing track, ..
That doesn't sound very serious if they're exposed, is it? Can it be
used to eavesdrop my conversation if I'm speaking through the
headphone
DangerousPie wrote 22 hours 12 min ago:
They also demonstrated how this could be used to silently find out
someoneâs phone number and then hijack a TFA validation call from
an app like WhatsApp to take over their account with no user
interaction.
Fnoord wrote 21 hours 27 min ago:
This attack was not silent, it was noisy. They specifically
pointed that out in their talk.
miduil wrote 22 hours 13 min ago:
the session (or pairing key) means you can both connect to the
headphone or impersonate it.
It can toggle the hands-free mode and listen to whatever is being
talked, you'd notice that it has switched to the mode though - but
if you're headphones are powered on and you're not listening to in
they can be used for eavesdropping.
During the talk they both demonstrate listening to the microphone
and also receiving a WhatsApp 2FA call.
mi_lk wrote 22 hours 6 min ago:
presumably, even in hands-free mode the attacker needs to be very
close to the speaker to hear it
avidiax wrote 8 hours 47 min ago:
If you have a Bluetooth analyzer (e.g. Ellisys), then the link
key and a directional antenna is all you need to passively
eavesdrop on a conversation at a distance.
Of course, even regular omnidirectional Bluetooth antennas are
plenty to eavesdrop through a hotel room door, from the hallway
outside a conference room, etc.
An attacker can also passively record all the packets in an
area (Ellisys allows recording all channels at the same time),
and then actively gather link keys using this attack at any
time to decrypt the stored conversations.
Namidairo wrote 22 hours 38 min ago:
> Most vendors gave the security researchers either silent treatment
or were slow, even after Airoha published fixes. Jabra was one of the
positive outlier, Sony unfortunately negatively.
While I don't recall Sony issuing an advisory, I believe the users of
their app would have started getting update notifications since they
(quietly) released firmware updates.
> This means there is great opportunity for Linux users to control
their Bluetooth headsets, which for example is quite nice in an
office setting to toggle "hearthrough" when toggling volume "mute" on
your machine.
I think most vendors are using custom services with their own UUIDs
for settings such as this.
Regardless, I believe there are open client implementations for some
of the more popular devices. Gadgetbridge comes to mind in regards to
Android, not sure about any Linux equivalent.
miduil wrote 21 hours 52 min ago:
Uh totally, I can't believe how much support Gadgetbridge has - wow
thanks for the reminder. I'd love to use that on Linux eventually.
bgbntty2 wrote 22 hours 39 min ago:
Remote audio surveillance probably be accomplished on wired
headphones with TEMPEST [0]/Van Eck phreaking [1]. Not sure about
which has a better range and which would be stealthier - TEMPEST or
the Bluetooth attack. The Bluetooth attack just requires a laptop.
Not sure if the TEMPEST attack would require a big antenna.
[0] [1]
HTML [1]: https://en.wikipedia.org/wiki/Tempest_(codename)
HTML [2]: https://en.wikipedia.org/wiki/Van_Eck_phreaking
avidiax wrote 8 hours 41 min ago:
I doubt that audio-spectrum RF/magnetic frequencies emanate
strongly from wired headphones. They are simply not a long enough
antenna at 200-3,000 Hz. Also, the loop area is quite low. The
ground wire runs parallel to the L/R wires, so the only loop to
receive is the magnetic coils in the headphones, which are small.
Only near field would work, IMO.
bgbntty2 wrote 3 hours 38 min ago:
Thanks!
abeyer wrote 9 hours 33 min ago:
Even if the TEMPEST were easier, it's significantly less powerful,
as it's not going to get you the ability to write malicious
firmware to the audio device nor a persistent connection to the
host device when the audio device isn't connected.
IshKebab wrote 22 hours 42 min ago:
Is this an unintentional vulnerability or is it one of those "we left
it open because it's easier and we hoped nobody would notice" kind of
things. I mean can you just send a "update to this firmware" command
completely unauthenticated and it's like "yep sure"? No signing or
anything?
avidiax wrote 8 hours 44 min ago:
IMO, it's plausible that Airoha and the OEMs did not know about
this. The tooling may have been written in a pseudo-secure manner,
i.e. requiring pairing (on the client side) before attempting all
the debugging/firmware update commands. The tools may simply assume
that pairing is required or only list targets from those that are
paired and connected, which gives the illusion that the air
protocol requires this.
All it really takes is some engineer missing an if-statement to
check that the connection is bonded before processing the packets.
abeyer wrote 9 hours 40 min ago:
According to the details in their whitepaper, firmware is signed,
but the management protocol allows reading arbitrary memory, so you
can read out the keys and sign your own payload.
I'm not sure anyone intentionally did this, but there were several
poor decisions involved. It sounds like the upstream vendor shipped
sample code without auth, assuming implementers would know they
needed to secure a privileged device management interface, and said
implementers just copied the sample and shipped it.
macintux wrote 23 hours 27 min ago:
> Glad this submission is finally receiving upvotes.
Speaking for myself, I have very little patience for technical
videos, so I don't believe I've ever upvoted a YouTube submission.
KellyCriterion wrote 17 hours 50 min ago:
Just throw the link into Gemini and ask for a brief summary :-))
andai wrote 23 hours 13 min ago:
I would read it if it was an article of identical length!
One second thought I think this is called a transcript...
---
Edit: Auto-Transcript! (No timestamps, sorry)
HTML [1]: https://jsbin.com/jiqihuveci/edit?html,output
jakobdabo wrote 21 hours 43 min ago:
This is a good article:
HTML [1]: https://insinuator.net/2025/12/bluetooth-headphone-jacki...
TheAceOfHearts wrote 23 hours 52 min ago:
Haven't watched the video yet, but I think this capability was leaked
by VP Kamala Harris during her recent interview with the Late Night
Show [0]. She stated she doesn't use wireless headphones because she's
been in security meetings and knows they're not safe.
[0] [1] (Timestamp 18:40)
HTML [1]: https://youtu.be/BD8Nf09z_38
mrheosuper wrote 9 hours 14 min ago:
I guess what she was trying to say is "Anything wireless is bad in
term of security". We don't really know whether the bad guy already
has technology to decode wireless protocol we are going to use, so
it's best to assume they already have and reduce the attack surface
for them.
There is little encryption being done by bluetooth, while wifi, many
layers add their own encryption to the data.
upofadown wrote 18 hours 28 min ago:
Regular Bluetooth security is not that great. A lot of it is poor
usability where the user can't easily know that they don't have a
secure connection. Setting up a secure connection might involve
entering a PIN on each end of the connection which might be
challenging for something like a pair of earbuds. This contains a
nice discussion of the issues and talks about active attacks:
*
HTML [1]: https://arxiv.org/pdf/2108.07190
ProllyInfamous wrote 18 hours 45 min ago:
My brother [0] is a state judge whom uses a typewriter specifically
for OpSec.
Because he also knows a thing or two about technology. His agency
won't even allow him use an iPhone (for official business).
[0] Dude is decades away from retirement, not even close to "Boomer"
pxeger1 wrote 20 hours 48 min ago:
> this capability was leaked
I think the policy Harris is referring to is based on the _risk_ of
something like this - it is easy to imagine wireless devices being
vulnerable and enabling this capability - rather than being based on
definitive existence of this capability.
bink wrote 14 hours 32 min ago:
The government also doesn't let people conduct sensitive or
classified conversations over un-certified protocols or devices.
Unless the NSA was participating in the bluetooth encryption
standards decisions they aren't going to allow those devices to be
used by the President or VP. IMHO though, it's probably more that
there were security trade-offs made when developing the standards
and the government isn't OK with those types of trade-offs. It
doesn't mean they're horrible, just that they aren't verified to be
secure enough for sensitive governmental purposes.
9029 wrote 22 hours 7 min ago:
It seems this vuln was already publicized in june, or is that
interview from earlier?
denysvitali wrote 23 hours 42 min ago:
Disclaimer: This comment is not intended to be political - I don't
care about the specific party she's part of.
Out of all the people I would trust on the matter, Kamala Harris
doesn't certainly end up at the top of my list, for reasons such as
this one: [1] You also don't need to be in classified meetings to
understand that Bluetooth/ BLE (and specifically the way most vendors
implement the spec) is not as secure as other more battle-tested
technologies
HTML [1]: https://youtu.be/O2SLyBL2kdM?si=Zq-EN8zxj4Y_UCwI
cloudfudge wrote 16 hours 18 min ago:
It isn't about trust. There's no need to trust Kamala Harris in
order to heed "wireless headphones probably have a legitimate
security risk." And we know that even if she's a complete moron in
this topic area, she's advised by people who should know. Even if
you put no stock in her opinion, there is zero security downside
(and an awful lot of common sense benefit) to additional caution.
Even before this report, I had a vague feeling that there were
probably some security issues with BT headsets, and now it's
confirmed in a very concrete way. So whether she is stupid or not,
Kamala was right about this.
janez2 wrote 20 hours 56 min ago:
you have a tracking "si=..." parameter in the youtube link
denysvitali wrote 20 hours 7 min ago:
Too late to edit. I missed that, sorry!
quesera wrote 22 hours 34 min ago:
> doesn't certainly end up at the top of my list
There hasn't been a POTUS or VPOTUS with a technical background in
the last 45 years (Jimmy Carter was a nuclear engineer). So
obviously none of them would be authoritative on such topics.
However the individual in question is not delusional or
conspiratorial, and we know for sure that they are receiving advice
or restrictions from extremely well-informed sources, so there's
every reason to believe they are (lo-fi) repeating that.
astura wrote 18 hours 16 min ago:
>There hasn't been a POTUS or VPOTUS with a technical background
in the last 45 years (Jimmy Carter was a nuclear engineer). So
obviously none of them would be authoritative on such topics.
Jimmy Carter was a very smart guy, but he was not a nuclear
engineer.
HTML [1]: https://atomicinsights.com/jimmy-carter-never-served-nuc...
quesera wrote 17 hours 59 min ago:
Interesting, it looks more complicated than I realized.
"Nuclear engineer" might be too colloqualized, a la "software
engineer". (perish the thought!)
But he was an engineer who was trained to operate nuclear
facilities on subs. With a few more months of service he would
have qualified for the label "nuclear engineer" without any
asterisks.
And what even was a "nuclear engineer" in the early 1950s? The
field was new enough that the titles were probably not well
settled.
Tha National Academy of Engineering says:
> A graduate of the U.S. Naval Academy and a trained nuclear
engineer [1] US Navy history says:
> He served as executive officer, engineering officer, and
electronics repair officer on the submarine SSK-1. When Admiral
Hyman G. Rickover (then a captain) started his program to
create nuclear-powered submarines, Carter wanted to join the
program and was interviewed and selected by Rickover. Carter
was promoted to lieutenant and from 3 November 1952 to 1 March
1953, he served on temporary duty with the Naval Reactors
Branch, U.S. Atomic Energy Commission, Washington, D.C., to
assist "in the design and development of nuclear propulsion
plants for naval vessels."
> From 1 March to 8 October 1953, Carter was preparing to
become the engineering officer for USS Seawolf (SSN-575), one
of the first submarines to operate on atomic power. However,
when his father died in July 1953, Carter resigned from the
Navy and returned to Georgia to manage his family interests.
HTML [1]: https://www.nae.edu/19579/31222/20054/327746/331204/Ji...
HTML [2]: https://www.history.navy.mil/browse-by-topic/people/pr...
ycombinary wrote 22 hours 39 min ago:
It's essentially a statement about the view of gov security, not
about the view of an individual.
ahoef wrote 23 hours 35 min ago:
What she says isn't necessary untrue, now is it? She just skips a
lot of steps most people have no clue about.
I had files in a cabinet, now they are digital. And most often also
on a cloud drive, which is metaphysical in some sense. For most it
is indistinguishable from magic.
dijit wrote 23 hours 36 min ago:
I think many people would be justified in making the argument that
bluetooth has existed for at least 20 years and thus is the
established battle tested protocol.
IshKebab wrote 22 hours 32 min ago:
I think people are generally aware of how low quality the
Bluetooth protocol suite is though so maybe they'd guess that
extends to security too.
I definitely remember lots of folk security advice to keep
bluetooth off on your phone back when smartphones were new
(nobody does that now though, and Android auto-enables it these
days).
denysvitali wrote 23 hours 23 min ago:
Yeah, but Bluetooth spec changed a lot over the years (3000+
pages) and the certification price is rather expensive.
There's an interesting article from Wired [1] about this,
although some interesting comments from the engineers working on
BT stacks are far more interesting. It seems like most of the
manufacturers do not create spec-compliant devices, and that the
tests from the certification are just poor.
I'd love to hear more from an expert on the topic, but this looks
to be the consensus.
[1]
HTML [1]: https://archive.ph/6201V
balou23 wrote 19 hours 56 min ago:
I'm by no means an expert, but I've recently implemented a
small BLE based IoT device, and had a look at the
security/privacy of a medical BLE device.
Some points:
* there's a real lack of quality, up-to-date documentation. I
would have thought that at least on Linux you'd find some
documentation, but most of it seems to be "RTFS".
* BLE is in general very unfamiliar to most developers. There's
no client and server, there's central and peripheral. GATT
profiles are a mix between TCP connections and binary REST-ish
interface.
* Encryption/authentication is possible, but depending on the
manufacturer's API/quality of documentation it's not really
apparent a. how to select a secure connection method b. how to
even check if and which authentication/encryption was chosen
* Coming from the previous point, many BLE devices have the
same generic GATT profiles, sometimes with the same sample
data. This looks like a lot of BLE devices just copy&pasted
sample code from the manufacturer and added the minimal changes
"to make it work"
* It's probably really easy to do passive/active fingerprinting
to find out the manufacturer and/or chip version used in a
device. Default services, ordering of advertising options etc
* Many BLE devices are not conformant. Uninitialised name
fields with garbage in them ("Device Name:
WHOOP\020��=u5״\023n"), manufacturers using random
identifiers that clearly don't belong to them
* when doing passive BLE sniffing: the biggest obstacle isn't
getting data. It's how to filter it. One of the most useful
filters of the nRF Connect app for android is to filter out all
advertisement packages for apple and ms devices, to cut down
the overwhelming amount of such devices
raverbashing wrote 23 hours 54 min ago:
Ah yes, the removal of headphone jacks, the gift that keeps on giving
Funny that there were always some people here pushing bt audio as "the
future", whom I can only assume were the technically shallow but very
opinionated people that would die on the smallest technical hills
watermelon0 wrote 23 hours 15 min ago:
I'd assume that most people wouldn't want to get back to wired
headphones.
Transition period was definitely rough, but nowadays bluetooth
headphones are substantially better than they were in the past, and
it's quite freeing to not have to deal with wires.
There are definitely benefits to wired headphones, such as better
audio quality and no battery life to worry about, but for those cases
there are USB-C DACs.
throwaway81523 wrote 16 hours 56 min ago:
I still use wired headphones. This bluetooth vulnerability makes
me laugh.
HTML [1]: https://biggaybunny.tumblr.com/post/166787080920/tech-enth...
aziaziazi wrote 21 hours 39 min ago:
Brand new devices' batteries are awesome but wear off and need to
be changed at some point, if A) the device is designed to let you
do that and B) the battery is still in production.
You don't really own a wireless headphone. You can see it as a
rent, or an ownership that loose its capability when in use.
mrheosuper wrote 9 hours 6 min ago:
>A) the device is designed to let you do that
This is simply wrong. Apple airpod was not designed to replace
battery(they use tons of glue), yet many repair shop still offer
service to replace battery for them.
>B) the battery is still in production
The industry is kind of converging into using standard "coil
cell" battery for their headphone
krick wrote 10 hours 38 min ago:
Sure, but I am totally willing to make that tradeoff, and when my
earbuds die, I buy new wireless earbuds, not permanently switch
to some wired headphones I have lying around (mostly just in
case, to not be left hanging if my earbuds suddenly die). I
didn't know that before I started using wireless stuff, but now I
do. Because, you know, I can change my T-shirt, maybe even take a
shower, and start cooking something in the kitchen without
pausing that audiobook, all while my phone is charging in another
room.
I am even cautiously aware that people have lost their hearing,
because damn LiOH exploded in their ear. That's much scarier than
knowing I will have to buy new earbuds in a couple of years.
Didn't stop me using them either.
kccqzy wrote 17 hours 10 min ago:
The word you are looking for is not ârentâ but depreciation.
cyberrock wrote 19 hours 46 min ago:
It's not like wired earbuds/headphones are invincible either.
I've had a few wired ones lost due to cable damage, which
constitutes more casualties than my wireless inventory, including
noticeable charge loss. Of course, there are a lot more cheap
wired options with replaceable cables now, thanks to Moondrop and
gang.
I really wish the debate was more than jack vs Bluetooth, and
more wired fans would consider supporting devices with multiple
USB-C ports. Yeah, Sony still puts a jack on Xperias, but most
audiophiles note that it's driven by Snapdragon's mediocre
integrated DAC, possibly because Sony doesn't want it to compete
with Walkmans. Yeah, Valve puts a jack on the Steam Deck, but SD
OLED's jack has interference issues that users need to fix with
electrical tape or loosening screws. If these devices had two USB
ports, then it would be easy to use a better DAC with no
interference issues (while also charging with a cable attached to
the other port). Having a second USB port would increase device
life, and tie wired earbuds/headphones to a more durable standard
that's actively developed and backed by legislation. We know this
is possible for phones because ASUS ROG Phone has 2 USB ports.
NoiseBert69 wrote 23 hours 46 min ago:
Thanks god the headphone jacks died in smartphones.
I switched to USB-C soundcard cables which are dirt cheap and survive
much much more plug-unplug-cycles. They easily can be replaced.
Lammy wrote 8 hours 13 min ago:
USB-C is creepy in its own way, because it lets the host computer
uniquely identify each pair of headphones. Even my USB-C-to-3.5mm
adapter has a USB descriptor field whose key is a UUID and whose
value is the adapter's manufacture time in an ISO timestamp down to
the second it got programmed at the factory.
raverbashing wrote 23 hours 34 min ago:
The epidemic of people not wearing headphones has been directly
caused by the lack of headphone jacks
aidenn0 wrote 6 hours 56 min ago:
I see more people with headphones now that BT headphones are
everywhere...
Findecanor wrote 19 hours 3 min ago:
I find that people speaking very loudly into their wireless
headsets wherever they are and whomever they are with is a bigger
nuisance.
When you speak to someone in person, you'd adjust the volume of
your voice to the room and the recipient without thinking about
doing it.
The engineers who built the analogue phone system were aware of
this effect, and made it so that you heard yourself in the
handset's speaker. The engineers who designed the cell phone
standards decided to ignore this so they could do more
echo-cancellation.
It is not a big problem when people are speaking into a
slate-shaped cell phone, but when people wear headphones that
attenuates their own voice, they hear themselves less and speak
extra loudly to compensate.
j1elo wrote 23 hours 21 min ago:
A couple days ago there was a bit of a conversation about this,
you might find it interesting. It seems this feeling (to the
point of calling it an "epidemic"!) might be caused by the known
bias of thinking that earlier times were better:
HTML [1]: https://news.ycombinator.com/item?id=46424228
ffguhv wrote 23 hours 23 min ago:
LOL.
People not using headphones in public are narcissistic a-holes,
but theyâve been doing it since *long* before headphone jacks
went missing from smartphones.
conception wrote 23 hours 5 min ago:
Itâs even noted as a problem in the beloved, acclaimed piece
of cinema - Star Trek IV : The Voyage Home.
p0w3n3d wrote 1 day ago:
Meanwhile all the phones dropping jack because Apple started it.
Official reason is to "waterproof phones"
Larrikin wrote 7 hours 12 min ago:
This has been a lie since day one. The Sony Xperia line has been
waterproof for over 10 years and continues to have a headphone jack
and an SD card slot. That with their minimal Android tweaks is the
main reason to even consider their phones.
fancyfredbot wrote 19 hours 14 min ago:
It's not the official reason, but also worth noting that many
waterproof devices have headphone jacks.
barbazoo wrote 20 hours 49 min ago:
I just donât know a single real person that still wants to use
wired earphones with their phone. To me itâs the same as
complaining that an artist only has CDs, not records.
cloudfudge wrote 11 hours 44 min ago:
The security, performance, usability and reliability of wired
headphones will always be superior to wireless. There is just no
substitute for the simplicity of an uninterrupted piece of copper
carrying an analog signal. The convenience of having no wires
simply isn't worth the downgrade in these other aspects.
amrocha wrote 2 hours 2 min ago:
Your opinion is valid, but irrelevant. The above comment said
that youâre a minority and that theyâve never met a person
irl that shares your opinion. I can say Iâve also never met
anyone who shares that opinion.
Also of note is that I used to care a lot about sound quality,
and owned very expensive wired IEMs until 2 years ago. I was
annoyed when I switched to a phone without a jack, but now Iâm
used to it and donât particularly miss it.
subscribed wrote 15 hours 44 min ago:
Wired headphones have no latency. AptX-LL are rare in the good
quality headsets.
mjevans wrote 20 hours 14 min ago:
I want to use the extremely simple and reliable direct interface
and inexpensive cheap earphones and patch cables that I can buy in
any reasonable electronics store for low markup. They are all
passive components.
Adding an external sound card introduces variables outside of
manufacture control, the quality, latency, and drive power all at
the mercy of some random integrator.
My phone is easily thick enough to accommodate a 3.5mm port, and it
can't be that difficult to waterproof such a jack, which should
also make reasonable cleaning easy if it's ever required.
amrocha wrote 1 hour 59 min ago:
That might all be true, but at the same time most people donât
care or prefer wireless earphones.
makeitdouble wrote 22 hours 41 min ago:
The most frustrating part is when Apple dropped the jack we laughed
at the "courage" bit, Apple's given reasons where already seen as
bullshit, Samsung had their finger pointing moment.
And it just went on, Apple weathered the critics, the other makers
also dropped it, and at some point there was just nowhere to go for
anyone still wanted a 3.5 jack with a decent phone.
mschuster91 wrote 18 hours 27 min ago:
Most ADCs in consumer products were crap anyway (with the exception
of Apple, who for a long time used the widely beloved Wolfson
DACs).
If you want actual quality... be ready to shell out a bit of money
[1]
HTML [1]: https://www.amazon.de/Qudelix-Bluetooth-Adaptive-unsymmetr...
wat10000 wrote 20 hours 50 min ago:
Theyâre just responding to the market. The vast majority of
people donât care about this. Personally, Iâd rather have two
minutes more battery life than a headphone jack.
Itâs annoying to have non-mainstream preferences in an area where
economies of scale mean every product needs to have mass market
appeal. But you might as well complain about the tide coming in.
Rygian wrote 19 hours 26 min ago:
Do you have a source that supports your claim, that the market
asked for 3.5 mm jacks to go away?
wat10000 wrote 15 hours 48 min ago:
The source is the fact that very few phones have them.
There isn't some grand conspiracy to keep headphone jacks out
of phones. Why would they do that? You think Samsung or Google
wouldn't jump at the chance to sell more phones by putting in a
headphone jack, if that would actually help them compete? No,
the reason few phones have one is because few people care about
it, at least enough to influence their purchasing decisions.
There are plenty of examples of market failures in the world
where lack of competition or information prevents consumer
preferences from being reflected in product offerings. But
smartphone hardware is definitely not one of them.
crazygringo wrote 18 hours 57 min ago:
That's not what the parent commenter said. They said consumers
don't care, not that they asked for the jacks to go away.
You're misrepresenting.
But in terms of consumers not caring, yes: [1] It's objectively
not a popular feature or something the vast majority of
consumers are looking for.
Most people prefer Bluetooth because you don't need to deal
with annoying wires getting tangled, ripping your earbuds out,
etc.
Again, it's not that the market asked for the jacks to go away,
they just don't care. And when there's something that consumers
don't care about, companies tend to remove it. The jack takes
up volume. Not huge, but on phones every cubic millimeter
counts. And it's one more thing that can break.
And if you really want a jack, there's a $9 adapter you can
just keep attached to your headphones. So everyone wins.
HTML [1]: https://www.androidauthority.com/ting-headphone-jack-s...
ptx wrote 15 hours 21 min ago:
The survey asks whether people care about the headphone jack,
though â it asks whether it's in the top three features
they care about.
I care plenty about the headphone jack but still reluctantly
bought a phone without one (which I regret) because I have
more than three requirements to balance. I expect that the
users who did include the headphone jack in their top three
features still care that e.g. the screen, battery and radio
are all in working order as well, despite not being in their
top three.
Rygian wrote 16 hours 13 min ago:
I understand the figured sense that you describe. It reverses
the logical suite of cause and effect. Instead of describing
the true cause (Apple chooses to drop the jack) and the
consequence (customers "don't care", which I believe is
wrong), the conveyed message blames those without a choice:
"customers don't care, therefore we should drop the jack".
The survey that you link is built on the premise that "you
can pick only three things at most" as a manipulative trick.
And since the headphone jack doesn't make it to the top 3,
you use it as claim that consumers do not care about the
headphone jack. This is not reasoning or stating objective
facts, this is just a cop-out.
My claim is that the vast majority of consumers still need at
some point in their use of their phone a way to plug 3.5
jacks into their phones somehow, and just put up with the
enshittified new way: either buy some bluetooth adapter
dongle, or a USB-C low quality DAC, or just give up and find
a different solution.
wat10000 wrote 15 hours 46 min ago:
Why would Apple dropping the jack cause other phone makers
to drop it, if their customers still want it?
1. Apple drops the headphone jack.
2. ???
3. Google Pixels don't have a headphone jack.
What is the ??? if not "few customers care"?
makeitdouble wrote 13 hours 5 min ago:
"few customers care" is not the democratic ideal you make
it sound to be.
It's the same as glued batteries, unrepairable phones.
Few customers making it an absolute criteria for their
phone choice still doesn't make mean the majority sees it
as a positive thing nor they agree. At the time on the
android side, only Pixel and Samsung's lines were serious
about the camera or international NFC support, moving to
other phones just for the jack came with huge compromises
that had nothing to do with the jack itself.
wat10000 wrote 11 hours 52 min ago:
Itâs a competitive market. If removable batteries
mattered to a lot of people, some company would take
advantage of that to make a lot of money.
Feature combinations arenât immutable facts of
nature. Manufacturers make a conscious choice about
what to include. If a good camera and international NFC
combined with a headphone jack would attract a lot of
buyers, donât you think Samsung or Google would make
a phone like that to better compete?
Itâs nothing to do with âdemocratic ideal.â
Itâs about understanding that companies want to make
money and if a feature is desirable, they will leverage
that in their quest to make money. Some may fail to
understand what their customers want, but all of them?
Itâs not plausible.
makeitdouble wrote 5 hours 59 min ago:
> It's a competitive market.
Is it ?
We have a paper trail of lawsuits telling another
story.
Rygian wrote 15 hours 13 min ago:
The "???" is "hey, Apple are doing it! since we already
copy so many ideas from them, let's shave a few cents on
the amp and jack receptacle, and if anyone complains,
just claim that it's the trendy thing to do now".
wat10000 wrote 15 hours 4 min ago:
And why didn't any of the multitude of phone makers say
"turns out that people actually want a headphone jack,
let's spend a few extra cents and steal all of our
competitors' customers"?
Rygian wrote 14 hours 42 min ago:
"The Best Phones With an Actual Headphone Jack", Nov
2025 [1]
HTML [1]: https://www.wired.com/gallery/best-headphone...
wat10000 wrote 13 hours 46 min ago:
Are these popular models? Pretty sure they
arenât. So there you go: people have a choice,
and they largely choose not to get a headphone
jack.
immibis wrote 13 hours 16 min ago:
Almost like there were at least three other
features more important.
The most important letters in English are E, T
and A. I'm sure you won't notice if we remove H
from all keyboards, right? After all, the survey
says it's not in the top three. And given a
choice between a keyboard without E and one
without H, nobody buys the one without H, proving
they really don't need the H.
wat10000 wrote 11 hours 57 min ago:
Why wouldnât some keyboard manufacturer
realize that a lot of people actually do need
all of the letters, sell a keyboard with all of
them, and make bank?
This theory that people want headphone jacks
and phone makers wonât provide them makes no
sense. It requires phone makers to be so cost
conscious that theyâll remove a desirable
feature to save a few cents, yet simultaneously
so clueless that they wonât take advantage of
consumer preferences to beat their competition.
This sort of thing happens with individual
companies, but not with every single company in
a competitive market with many competitors.
I donât know why people canât just accept
that they have a minority preference. Thereâs
nothing wrong with that. Iâm sure itâs far
from your only one (I have plenty of my own,
just not this one). Thereâs nothing wrong
with general complaints that the market
doesnât cater to your minority preference.
But arguing that itâs actually the majority,
when it plainly isnât, it just weird.
immibis wrote 2 hours 59 min ago:
Why would you make a keyboard with one more
letter when everyone is buying ones without?
Would you buy a keyboard with a ⢠key? If
not, why not?
normie3000 wrote 18 hours 7 min ago:
> Most people prefer Bluetooth because you don't need to deal
with annoying wires getting tangled, ripping your earbuds
out, etc.
Thanks for this summary. I feel sad to be in a minority who
prefer wired headphones. For me it's because all their
failures you listed are issues I can understand and mitigate.
But when bluetooth goes wrong, what do I do? Usually:
1. turn off both devices and then turn them back on again
2. try to reconnect
3. if step 2 failed, give up and try again another day
I don't learn anything. I feel infantilised and helpless.
crazygringo wrote 17 hours 32 min ago:
Yeah, I think that's why a lot of people stick to
same-brand or trusted brands -- AirPods "just work" with
iPhones, in ways that other Bluetooth earbuds don't always.
ricardobeat wrote 21 hours 43 min ago:
The jacks are a physical impediment for slim phones. An adapter
costs $3 if you still want it. Itâs not a bad trade.
chmod775 wrote 11 hours 51 min ago:
Phones are already way slimmer than they should be. Now we have
top-heavy "slim" phones with huge bulges for cameras*, 50% less
battery life, reduced performance because of thermal issues,
glued together in favor of screws and rubber seals, wasting
weight and space on additional strengthening and internal
routing.
Just because people think it looks neater than the more practical
alternative.
The S2 had an amazing form factor - also with a small bulge, but
at the bottom. It's a thousand times nicer to hold and carry than
pretty much anything that came after. The S5 was fine too
(waterproof AND you could pop open the back to swap the battery,
if you can believe it!)
It's silly how much more ergonomic phones feel that don't have to
compensate for an extra half millimeter.
* Many phones had this, but it's getting really bad now. Older
phones typically also had the lens recessed to protect it, with a
slim border around it. No more space for that now.
krick wrote 10 hours 51 min ago:
I'm not even sure people think that. Apple's marketing
department thinks that, and other company marketing departments
seem to be implementing some kind of master-slave architecture,
where they are slave instances to Apple's master server. Does
anybody really check specs and deliberately choose the thinner
phone? Or do people just buy new iPhone regardless of whatever
decisions they make just because having the last iPhone is
cooler? Of course, I don't know, but I somehow really doubt
it's the former.
amarshall wrote 20 hours 4 min ago:
Maybe, but Apple doesnât make them thinner anyway so the
argument is invalid. iPhone 6S with headphone jack: 7.1mm thick.
iPhone 17 is 7.95mm thick.
makeitdouble wrote 20 hours 59 min ago:
I see the point for ultra slim phones. Except the only phones
that are slim enough to have their thickest point thinner than
that have only started to come up recently.
Imagine the same argument for USB-C: at some point phones will be
too slim to allow for that port, should every maker start
dropping it right now ? That would be nonsense.
On adapters, it's no panacea: you still want the USB port
available. Split adapters exist, but most of them only allow for
charging, and the charging rate is also usually miserable.
You could say people who appreciated that should just eat it and
feel in their bones how much the world doesn't care about them,
that would be fair. Now staying sour about it is also one's
prerogative.
PS: The biggest part for me is every other devices I own still
having a pretty good jack. Laptops still have it, game consoles,
VR headsets, TVs, high fidelity portable players, cars etc. So
keeping around a very good headphone pair is still an enjoyable
thing, except for the damn phones. Even in XL sizes. They're the
only one needing a dongle, and regardless of the price that
sucks.
dweekly wrote 20 hours 4 min ago:
On slimness: wouldn't an alternative implementation be to "do
the Magic Mouse" and put the USB C port on the back of the
phone instead of the edge? Alternatively I could imagine
MagSafe alignment / charging magnets plus an NFC like inductive
communication (or contact pads) to allow for a range of "snap
on" peripherals for phone backs that could be implemented on
devices thinner than a USB C port.
makeitdouble wrote 13 hours 26 min ago:
If we really engineer around the same connector with extra
thinness the best bet could be on partly open ports: if the
phone covered 75% of the barrel circumference by left out the
other 25% exposed I assume it would still work.
I see it through the same lens as the cassette players like
the Toshiba KT-AS10 that left part of the cassette outside
for the absolute minimal footprint: [1] PS: there is a mini
headphone jack standard, but I'm not sure it's any good. At
least it would clear the DAC problem, just still need a
dongle.
HTML [1]: https://qth.tzpfsokx.cloud/index.php?main_page=produ...
amarshall wrote 19 hours 14 min ago:
No, the connector is longer than it is tall.
p0w3n3d wrote 21 hours 37 min ago:
3$ adapter will have low quality DAC
tialaramex wrote 11 hours 8 min ago:
DACs are very cheap. The BOM gap between "This DAC barely
works" and "It won't sound any better if we spend more" for a
headphone DAC is probably a dollar or so. This isn't some 1980s
analogue technology where we need to spring for the best
materials to get good results, and the components needed are
all readily available from many suppliers today.
astrange wrote 14 hours 59 min ago:
The DAC in Apple's $10 adapter is higher quality than most
"audiophile" DACs because Apple has a larger R&D budget and is
better at manufacturing than the entire audiophile industry
combined.
Same for Google's, though it's slightly less good iirc.
They aren't perfect - the maximum volume and impedance are
pretty low so you do need an amp to electrically drive
insensitive headphones.
mrheosuper wrote 9 hours 23 min ago:
nah, they are on par with other $10 chinese DAC, which is
quite achievement for Apple tbh. I guess Apple decided to not
apply "Apple tax" to those dongle.
brewmarche wrote 13 hours 50 min ago:
Thereâs a difference between the European version of the
Apple dongle and other regions. The European version maxes
out at 0.5 Vrms instead of 1 Vrms.
crazygringo wrote 19 hours 2 min ago:
But the $9 Apple one is very high quality:
HTML [1]: https://www.audioreviews.org/apple-audio-adapter-revie...
simpaticoder wrote 21 hours 51 min ago:
I agree the loss of the 3.5mm jack is a short-sighted and poor
decision. There is at least one mitigation, which is the ability to
recover the jack through a USB-C DAC. Apple sells them for USD10. I
have several, in the car and in my backpack.
It's not a good solution though. In particular I find the USB-C
port gets worn out pretty quickly. Its also easy to lose the dongle
and of course it's more complicated to setup. (I'm not sure how to
articulate the "it's more complicated" part. Adding the dongle
elevates the action of "plug in headphones" from something you can
do without attention to something that requires attention, and I
don't like that.)
kalleboo wrote 10 hours 35 min ago:
Can't you just leave a dongle on any wired headphones you have?
Assuming you only use them with your phone and computer and don't
have a CD player or something.
makeitdouble wrote 6 hours 12 min ago:
> Assuming you only use them with your phone
This is really where it hits. Every other device has a proper
jack, so the dongle needs to be kept somewhere every other
time.
kalleboo wrote 4 min ago:
I guess that's my question, what other devices are people
using? I'm just curious where people need to remove the
dongle because maybe I have bad imagination but not much
comes to mind.
I listen to music on earbuds on my phone on the go, a laptop
at a cafe, and on my computer at my desk - all these have
USB-C.
Even modern DAPs like Sony Walkman have USB-C as they are
typically based on Android.
That leaves all the "legacy" devices that only a small
minority use - home hi-fi stacks, vinyl record players,
iPods, CD players, minidisc players?
gopher_space wrote 13 hours 6 min ago:
Get a set of wired headphones without a built-in cord. Then you
can use any USB-C to 3.5 male cord like normal.
simpaticoder wrote 12 hours 50 min ago:
You can't use a passive cable for this - there may be a
USB-to-audio standard, but it's not widely implemented anymore.
You need a DAC.
hamburglar wrote 14 hours 28 min ago:
Also, seemingly without exception, the dongle itself is fragile
and ends up causing constant crackling after a while.
CharlesW wrote 22 hours 48 min ago:
The official reason was, famously and ridiculously, "courage". Apple
further explained that space is at a premium, listed the many things
competing for that space, and noted that a large, single-purpose
legacy connector no longer made sense.
A lot of Apple's strategic choices are driven by products that take
5, 10, or sometimes 20 years to realize. For example, the forthcoming
foldable iPhone (and the proving ground for many related decisions,
the iPhone Air) was on roadmaps literally a decade before a decision
like this reverberates through released products.
Putting a high-quality DAC in a dongle wasn't a terrible solution
(many phones with analog jacks have poor ones), and today hundreds of
headphones¹ courageously have native USB-C support.
¹
HTML [1]: https://www.bhphotovideo.com/c/products/usb-c-headphones/ci/...
realusername wrote 22 hours 42 min ago:
Apple is very late to the foldable phones now, not sure that's the
best example
throw0101c wrote 21 hours 56 min ago:
> Apple is very late to the foldable phones now, not sure that's
the best example
âPC guys are not going to just figure this out. Theyâre not
going to just walk in.â â Palm CEO Ed Colligan, 2006, [1]
âA wizard is never late, nor is he early, he arrives precisely
when he means to.â â Gandalf the Gray
:)
HTML [1]: https://www.engadget.com/2006-11-21-palms-ed-colligan-la...
realusername wrote 21 hours 48 min ago:
By "late", I mean they are starting to lose market share
because of that in some regions, that kind of late.
CharlesW wrote 22 hours 28 min ago:
Regardless, the point of mentioning it is that Apple commonly
makes decisions that can seem bizarre to people who don't
consider systemic and longer-term reasons why they might've been
made. Another micro-example of this that comes to mind is Tahoe's
mostly-reviled chonky window borders, which along with many other
gradual UX changes over years, absolutely foreshadow touchscreen
Macbooks.
realusername wrote 22 hours 19 min ago:
They've also been late sometimes and had to change by force
their assumptions, the first app store in iOS was cydia and a
lot of what we consider modern iOS design was copied over from
the jailbreaking community.
dijit wrote 1 day ago:
And everyone got mad at OpenBSD for refusing to develop bluetooth.
Itâs a messy standard and we shouldnât be surprised that the race
to the bottom has left some major gaps.. though Sony WH1000âs are
premium tier hardware and they have no real excuses..
I always wondered how people could justify the growth of the bluetooth
headphone market in such a way.. Everyone seems to use bluetooth
headphones exclusively (in Sweden at least), Iâm guilty of buying
into it too (I own both Airpods Proâs and the affected Sony
WH1000-XM5) but part of me has always known that bluetooth is just
hacks on hacks⦠I allowed myself to be persuaded due to popularity.
Scary.
I was also trying to debug bluetooth âglitching audioâ issues and
tried to figure out signal strength as the first troubleshooting step:
I discovered that people donât even expose signal strength anymoreâ¦
the introspection into whatâs happening extends literally nowhere,
including not showing signal strength⦠truly, the whole thing is
cursed and Iâm shocked it works for the masses the way it does.. can
you imagine not displaying wifi signal strength?
amelius wrote 21 hours 4 min ago:
Honestly, can't we just ditch BT and send audio over WiFi?
One thing less to worry about.
girvo wrote 3 hours 12 min ago:
That exists, using proprietary 2.4ghz dongles usually, but
theyâre much higher power draw.
mrheosuper wrote 9 hours 27 min ago:
and enjoy your precious 1 hour of listening time.
The whole tcp/ip, wifi stack is at least a magnitude more complex
than bluetooth one, and the wifi radio generally consumes more
power.
Namidairo wrote 12 hours 1 min ago:
Qualcomm kind of does this with their XPAN extension, sends the
audio over local network. I believe it's mostly a proprietary
solution though, so I haven't seen any serious attempts to
re-implement it yet.
cloudfudge wrote 15 hours 46 min ago:
"Just use wifi for headphones"
and
"One less thing to worry about"
These are not compatible statements. :)
wolvoleo wrote 17 hours 41 min ago:
WiFi is nowhere near as low energy as Bluetooth is.
michaelt wrote 19 hours 3 min ago:
If you think wireless headphones are insecure today, I very much
doubt connecting them directly to the internet would improve the
situation.
theteapot wrote 16 hours 55 min ago:
AFAIK Wifi Direct has quite wide hardware support -- [1] . But
few people know about it?
HTML [1]: https://en.wikipedia.org/wiki/Wi-Fi_Direct
amelius wrote 18 hours 51 min ago:
WiFi does not necessarily mean it's connected to the internet.
jorvi wrote 21 hours 32 min ago:
> And everyone got mad at OpenBSD for refusing to develop bluetooth.
Alright, so when is OpenBSD patching out USB support? Such a giant
exploit vector.
stefan_ wrote 23 hours 48 min ago:
This is not a Bluetooth issue. The chip manufacturer Airoha just felt
it acceptable to ship a wireless debug interface that allows reading
the SoC memory with no authentication whatsoever, enabled in retail
customer builds. They are just not a serious company (which is why
their security email didn't work, either).
amelius wrote 20 hours 35 min ago:
I mean, most companies have security last on their budget list.
It tells more about human nature than about a company.
This can only be fixed systemically by huge fines and/or
imprisonment. Otherwise the temptation of taking the risk to
neglect security is too strong.
LargoLasskhyfv wrote 21 hours 19 min ago:
Wireless 'JTAG'! The Dream :)
H8crilA wrote 13 hours 13 min ago:
Now that's a premium product if I've ever seen one.
mrheosuper wrote 9 hours 28 min ago:
Pretty sure modern apple watch has wireless "Jtag", so yeah.
raverbashing wrote 23 hours 50 min ago:
Sometimes plugging a cord is a minor inconvenience.
But sometimes it's a large inconvenience
Example: if I'm using my laptop for work but at a slightly longer
distance (think, using external monitor/keyboard) then it gets
annoying (cord has to hang from the connection, or it gets between
you and the keyboard, etc)
pyvpx wrote 23 hours 59 min ago:
Some of us kept using OpenBSD (longer than they shouldâve?) because
of that and a few other related decisions.
So who is everyone, in your meaning?
antirez wrote 23 hours 12 min ago:
You can't read English like if it was a declarative logical
language. It is obviously an hyperbole to say "everyone". It means
"a lot of people". So why they didn't say "a lot of people"?
Language uses hyperboles to make a point stronger.
aeonik wrote 21 hours 46 min ago:
Some people use hyperbole to make a point, and some people see
this as a red flag, and causes them to lose trust.
dijit wrote 23 hours 55 min ago:
It comes up enough that I am comfortable saying that it feels like
âeveryoneâ to the OpenBSD devs. [1] [2] [3]
HTML [1]: https://news.ycombinator.com/item?id=25950845
HTML [2]: https://news.ycombinator.com/item?id=45798439
HTML [3]: https://news.ycombinator.com/item?id=34667522
HTML [4]: https://news.ycombinator.com/item?id=43144607
swores wrote 1 day ago:
I don't have time right now to watch the video and will be coming back
to do so later, but here's a couple of snippets from the text on that
page that made me want to bother watching (either they're overhyping
it, or it sounds interesting and significant)
> The identified vulnerabilities may allow a complete device
compromise. We demonstrate the immediate impact using a pair of
current-generation headphones. We also demonstrate how a compromised
Bluetooth peripheral can be abused to attack paired devices, like
smartphones, due to their trust relationship with the peripheral.
> This presentation will give an overview over the vulnerabilities and
a demonstration and discussion of their impact. We also generalize
these findings and discuss the impact of compromised Bluetooth
peripherals in general. At the end, we briefly discuss the difficulties
in the disclosure and patching process. Along with the talk, we will
release tooling for users to check whether their devices are affected
and for other researchers to continue looking into Airoha-based
devices.
[...]
> It is important that headphone users are aware of the issues. In our
opinion, some of the device manufacturers have done a bad job of
informing their users about the potential threats and the available
security updates. We also want to provide the technical details to
understand the issues and enable other researchers to continue working
with the platform. With the protocol it is possible to read and write
firmware. This opens up the possibility to patch and potentially
customize the firmware.
Rygian wrote 19 hours 20 min ago:
Here's an excerpt from [1]:
> Step 1: Connect (CVE-20700/20701) The attacker is in physical
proximity and silently connects to a pair of headphones via BLE or
Classic Bluetooth.
> Step 2: Exfiltrate (CVE-20702) Using the unauthenticated
connection, the attacker uses the RACE protocol to (partially) dump
the flash memory of the headphones.
> Step 3: Extract Inside that memory dump resides a connection table.
This table includes the names and addresses of paired devices. More
importantly, it also contains the Bluetooth Link Key. This is the
cryptographic secret that a phone and headphones use to recognize and
trust each other.
> Note: Once the attacker has this key, they no longer need access to
the headphones.
> Step 4: Impersonate The attackerâs device now connects to the
targets phone, pretending to be the trusted headphones. This involves
spoofing the headphones Bluetooth address and using the extracted
link-key.
> Once connected to the phone the attacker can proceed to interact
with it from the privileged position of a trusted peripheral.
HTML [1]: https://news.ycombinator.com/item?id=46454740
DIR <- back to front page