{"id":44228,"date":"2025-05-25T01:32:26","date_gmt":"2025-05-25T01:32:26","guid":{"rendered":""},"modified":"2025-09-07T17:19:50","modified_gmt":"2025-09-07T23:19:50","slug":"cve-2024-58101-unprotected-bluetooth-pairing-in-samsung-galaxy-buds","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2024-58101-unprotected-bluetooth-pairing-in-samsung-galaxy-buds\/","title":{"rendered":"<strong>CVE-2024-58101: Unprotected Bluetooth Pairing in Samsung Galaxy Buds<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>CVE-2024-58101 is a notable security vulnerability discovered in Samsung&#8217;s Galaxy Buds and Galaxy Buds 2 audio devices. These devices, popular among consumers worldwide, are Bluetooth pairable by default, and currently lack an option for users to disable this mode. This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-32363-critical-vulnerability-in-medidok-allowing-remote-code-execution\/\"  data-wpil-monitor-id=\"49828\">vulnerability matters primarily because it allows<\/a> potential attackers to take over audio playback or even record from the device&#8217;s microphone without user consent or notification. With the widespread use of these devices, the risk of <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-39401-unrestricted-file-upload-leading-to-potential-system-compromise-in-mojoomla-wpams\/\"  data-wpil-monitor-id=\"52122\">system compromise<\/a> or data leakage is significant and concerning.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2024-58101<br \/>\nSeverity: High (8.1 CVSS score)<br \/>\nAttack Vector: Bluetooth<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-39350-unauthorized-access-vulnerability-in-rocket-apps-wproject\/\"  data-wpil-monitor-id=\"55688\">Unauthorized access<\/a> to audio playback and microphone recording<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-2657595876\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 720px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 22px; font-weight: 600; display: flex; align-items: center; letter-spacing: -0.02em;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 10px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 42px; height: 42px;\" \/>\r\n    <\/a>\r\n    Share secrets securely\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 14px; color: #d1d5db;\">\r\n    Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 18px; color: #a1a1aa;\">\r\n    Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 24px; color: #e4e4e7;\">\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Encrypted identity<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Private Spaces for organizations and teams<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 End-to-end encrypted chat, calls, files, and notes<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Sensitive AI work and protected collaboration<\/li>\r\n    <li>\u2022 Built for information that cannot leak<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px; color: #ffffff;\">\r\n    Our mission is to secure human work alongside AI.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Download Ameeba\r\n    <\/a>\r\n\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Learn More\r\n    <\/a>\r\n  <\/div>\r\n<\/div><\/div>\n<p>Product | Affected Versions<\/p>\n<p>Samsung Galaxy Buds | All versions<br \/>\nSamsung Galaxy Buds 2 | All versions<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit leverages the fact that these devices are <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-41438-default-account-exploit-in-cs5000-fire-panel-systems\/\"  data-wpil-monitor-id=\"57048\">Bluetooth<\/a> pairable by default without requiring user input. An attacker within Bluetooth range can initiate a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-48000-critical-privilege-escalation-vulnerability-in-windows-connected-devices-platform-service\/\"  data-wpil-monitor-id=\"80278\">connection to the device<\/a>. Once paired, the attacker has control over audio playback and has access to the microphone, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-5098-printershare-android-app-vulnerability-allows-unauthorized-gmail-account-access\/\"  data-wpil-monitor-id=\"55126\">allowing for unauthorized<\/a> listening or recording.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-3014871734\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>While this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-24022-critical-server-code-execution-vulnerability-in-itop-it-service-management-tool\/\"  data-wpil-monitor-id=\"49849\">vulnerability does not involve code execution<\/a>, the exploit could be conceptualized as follows:<\/p>\n<pre><code class=\"\" data-line=\"\"># Attacker device discovers vulnerable Bluetooth device\n$ bluetoothctl scan on\n# Attacker pairs with vulnerable Bluetooth device\n$ bluetoothctl pair [device MAC address]\n# Attacker connects to vulnerable Bluetooth device\n$ bluetoothctl connect [device MAC address]\n# Attacker takes over audio playback or starts recording from microphone\n$ pacat --record &gt; recording.wav<\/code><\/pre>\n<p>Please note that this is a conceptual example and not a real exploit command. It&#8217;s provided to illustrate the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3090-unauthenticated-remote-attack-leading-to-potential-data-leakage-and-system-compromise\/\"  data-wpil-monitor-id=\"80279\">potential approach an attacker<\/a> might take.<\/p>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>Samsung is aware of the issue and has classified it as a low <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47577-severe-unrestricted-file-upload-vulnerability-in-ti-woocommerce-wishlist\/\"  data-wpil-monitor-id=\"52121\">severity vulnerability<\/a>. Users are advised to apply vendor patches, once available. In the interim, using Web Application Firewalls (WAF) or Intrusion Detection Systems (IDS) may serve as a temporary mitigation. These can detect and prevent <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47884-jenkins-openid-connect-provider-plugin-vulnerability-leading-to-unauthorized-access\/\"  data-wpil-monitor-id=\"52123\">unauthorized Bluetooth connections<\/a>, thereby minimizing the risk of exploitation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview CVE-2024-58101 is a notable security vulnerability discovered in Samsung&#8217;s Galaxy Buds and Galaxy Buds 2 audio devices. These devices, popular among consumers worldwide, are Bluetooth pairable by default, and currently lack an option for users to disable this mode. This vulnerability matters primarily because it allows potential attackers to take over audio playback or [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-44228","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/44228","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=44228"}],"version-history":[{"count":7,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/44228\/revisions"}],"predecessor-version":[{"id":72696,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/44228\/revisions\/72696"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=44228"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=44228"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=44228"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=44228"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=44228"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=44228"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=44228"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=44228"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=44228"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}