Security Experts:

Connect with us

Hi, what are you looking for?



Bose Wireless Headphones Spy on Users, Lawsuit Claims

Bose Headphones Join the Internet of Spying Things

Bose Headphones Join the Internet of Spying Things

Bose wireless headphones, that sell for up to $350, collect the listening habits of users via an associated app. This data is transmitted to Bose, who then passes the data to a marketing company, a lawsuit alleges. One aggrieved user brought the class action suit against Bose, alleging infringement of the federal Wiretap Act and numerous state laws.

Illinois case 17-cv-2928, brought by Bose customer Kyle Zak “on behalf of others similarly situated” claims the case is worth more than $5 million; but without specifying damages, seeks a jury trial.

The lawsuit states that Bose introduced a mobile phone app, the Bose Connect, in 2016 to remotely control and manage the headphones via a Bluetooth connection. Bose advertised this with the claim, the “Bose Connect app unlocks current and future headphone features. Download now.”

Unknown to the customer, states the lawsuit, Bose “designed Bose Connect to (i) collect and record the titles of the music and audio files its customers choose to play through their Bose wireless products and (ii) transmit such data along with other personal identifiers to third-parties — including a data miner — without its customers’ knowledge or consent.”

Since Bose also asks for the name, email address and the product’s serial number, it is able to build detailed listening habits of known individuals.

These listening habits can help produce a personal profile of the customer. The lawsuit claims that “numerous scientific studies show that musical preferences reflect explicit characteristics such as age, personality, and values, and can likely even be used to identify people with autism spectrum conditions.” Audio podcasts can be even more revealing, potentially identifying the race, religion, sexual orientation and health issues of the listener.

Such privacy issues usually revolve around the concept of informed consent. Zak claims that he would not have purchased the headphones had he been aware of the data collection. The privacy policy with the app, however, makes it clear that Bose collects data, tracks the user and shares that data. “We share the information that we collect with a variety of third parties. Additionally, other third parties collect information directly through the app.”

This clear statement would be a red flag to any privacy-conscious user. However, by the time it is seen, the user will almost certainly have already spent up to $350 on the headphones themselves. Although they can function without the app, it is the app that maximizes their quality.

Zak is represented by Christopher Dore, a partner at Edelson PC. According to Reuters, Edelson specializes in suing technology companies over alleged privacy violations. Dore told Reuters that customers do not see the Bose app’s user service and privacy agreements when signing up, and the privacy agreement says nothing about data collection.

This last comment is either wrong, or the app’s privacy policy has since been updated.

In February 2017, Smart TV manufacturer Vizio agreed to pay an FTC settlement of $2.2 million over allegations that it collected information on users viewing habits without their knowledge. Although the settlement did not include an admission of ‘guilt’, Vizio will now prominently display its wish to collect data, and ensure it obtains affirmative express consent.

Late last year, a team of researchers demonstrated how a piece of malware could spy on users by silently turning their headphones into a microphone that can capture audio data from a significant distance. Early this year, German regulators banned an internet-connected doll called “My Friend Cayla” after warning that it was a de facto “spying device”.

Related Reading: Shazam for Mac Keeps Listening Even When Disabled

Related Reading: Malware Can Spy on Users via Headphones: Researchers

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


U.S. fighter jets successfully shot down the high altitude spy balloon launched by and belonging to China.


Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.


The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...


The U.S. is tracking a suspected Chinese spy balloon spotted over U.S. airspace, officials said on Feb. 2, 2023.


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...