New Security Risk for Bluetooth Audio Devices
A new flaw called WhisperPair lets hackers track and eavesdrop on people using Bluetooth audio devices.
What is WhisperPair?
WhisperPair is a flaw that hackers can use to access Bluetooth audio devices. A hacker group called UAT-8837 has been using this flaw to attack organizations in North America.
How do Hackers Use WhisperPair?
Hackers use WhisperPair to gain access to organizations by exploiting vulnerabilities in servers and using compromised credentials. They then use Windows native commands to collect sensitive data like credentials.
- Hackers use open-source utilities to evade detection.
- They target credentials, AD topology, and security policies.
- They can exfiltrate files from products used by victims, which can be used for future attacks.
Cisco Talos researchers have medium confidence that UAT-8837 is connected to Chinese operations. They have provided a list of indicators of compromise for UAT-8837 activity.
Stay safe by being aware of this new security risk. Make sure to keep your devices and software up to date to protect yourself from hackers.
Be careful when using Bluetooth audio devices, as they can be vulnerable to the WhisperPair flaw.