Wireless Hearing Aid Data Security Statement – page 3
is convenient for the patient but is vulnerable to eavesdropping or man-in-the-middle attacks during pairing [7]. During pairing, the devices each generate encryption keys and exchange them with the other device. If keys are stolen, it is possible, but very difficult, to decipher information sent from one device to the other. The probability of this occurring is remote for three reasons: 1) the equipment needed to acquire the keys is very specialized and expensive, 2) the range of the transmission is limited to around 10 meters, and 3) pairing is only required to be completed once. An attacker would need to be present with said specialized equipment and in range at this exact time to obtain the link keys. Subsequent connections will not have this vulnerability and will be confidential. Therefore, it is highly unlikely that anyone would have the equipment necessary and be in a position to steal the link key during pairing. However, if security is a concern, it is suggested that pairing be performed in the privacy of the user’s own home or in another trusted place to ensure that the key is not stolen during this process.
It is not possible to eavesdrop on audio streamed between the paired iPhone or Android phone [8] and the 2.4 GHz hearing aid by attempting to connect an intruder’s Bluetooth device to the hearing aid, since the Bluetooth protocol used encrypts the audio stream on a per-link basis.
Note that audio is streamed from a paired iPhone or Android phone to a 2.4 GHz hearing aid. Audio is only streamed from the hearing aid to a paired iPhone or Android phone when the Personal Voice Assistant 2.0 feature [9] is used. This feature is triggered by actuating a user control on the hearing aid, and the stream lasts for up to 10 seconds to perform voice recognition. The audio is transported over an encrypted BLE link. If a user is concerned about security or privacy, they can disable this feature using the mobile app. The user can also configure the feature to use the local microphone on the phone rather than the hearing aid microphone to capture the user’s voice.
If the user’s iPhone or Android phone is off, its Bluetooth radio is off, or it is out of range when the hearing aid is powered up, it is possible for an unwanted device to pair and thus connect to the hearing aid. Note that a 180 second pairable timeout applies to all Bluetooth devices. After 180 seconds OR after a paired iOS/Android device is connected, a hearing aid will only accept connections from BLE devices that are already paired. This is our primary mechanism for mitigating a denial of service attack. If the unwanted device is able to connect to the hearing aid, it can exercise the existing controls of the hearing aid and prevent the user’s own iPhone or Android phone from connecting to the hearing aid. This would be detected by the user since the hearing aid would no longer respond to the Thrive app on the user’s iPhone or Android phone.
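The acceptance rule described above, as an added Python model (not Starkey code or firmware) that replays constructed connection attempts after power-up. The single-active-link behaviour, the closing of the pairable window by a newly paired link, and the device names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

PAIRABLE_TIMEOUT_S = 180  # pairable timeout stated in the text


@dataclass
class HearingAidModel:
    """Simplified model of the acceptance rule; not vendor firmware."""
    bonded: set = field(default_factory=set)  # devices paired before this power-up
    window_closed: bool = False               # set once a paired device has connected
    connected: Optional[str] = None           # assumption: one active link at a time

    def connect(self, device: str, t: float) -> str:
        """Decide a connection attempt made t seconds after power-up."""
        if self.connected is not None:
            return "rejected: link in use by " + self.connected
        pairable = t < PAIRABLE_TIMEOUT_S and not self.window_closed
        if device in self.bonded:
            decision = "accepted"
        elif pairable:
            self.bonded.add(device)           # new device pairs inside the window
            decision = "paired"
        else:
            return "rejected: not paired and pairable window closed"
        self.connected = device
        self.window_closed = True             # assumption: a newly paired link closes it too
        return decision


def replay(events, bonded=("users-phone",)):
    """Replay constructed (seconds, action, device) events in order."""
    aid = HearingAidModel(bonded=set(bonded))
    results = []
    for t, action, device in events:
        if action == "connect":
            results.append((t, device, aid.connect(device, t)))
        else:                                 # "drop": active link lost (e.g. out of range)
            aid.connected = None
    return results


# Constructed timelines; device names are placeholders.
SCENARIOS = {
    "phone first": [(5, "connect", "users-phone"), (20, "connect", "unknown")],
    "phone drops": [(5, "connect", "users-phone"), (30, "drop", ""), (40, "connect", "unknown")],
    "phone absent": [(60, "connect", "unknown"), (90, "connect", "users-phone")],
    "after timeout": [(200, "connect", "unknown"), (240, "connect", "users-phone")],
}
```

Calling `replay(SCENARIOS["phone absent"])` shows the one exposed case: the unknown device pairs inside the window and the user's phone is then refused, which is the symptom the user would notice in the app.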
Therefore, a useful test to verify that no other Bluetooth device other than the user’s iPhone or Android phone is connected to the 2.4 GHz hearing aid is for the user to attempt to connect their iPhone or Android phone with the Thrive app to their hearing aids after hearing aid power-up. If the connection attempt succeeds, no other Bluetooth device can connect to these hearing aids as long as the hearing aids remain powered up, the iPhone or Android phone and its
[7] Once pairing has occurred, then all future communications are encrypted.
[8] Audio streaming from Android phones is only supported by Livio, Livio AI, and Livio Edge AI hearing aids.
[9] This feature was introduced in February 2020 with the Sydney program.