Unroll 在旁邊燒的時候 (參考 Uber 戰火蔓延到 Unroll)，Bose 也不甘寂寞決定跟上科技業的潮流：「Bose headphones spy on listeners: lawsuit」。
Bose 直接將他們 app 收集到的資訊拿出來賣：
Bose Corp spies on its wireless headphone customers by using an app that tracks the music, podcasts and other audio they listen to, and violates their privacy rights by selling the information without permission, a lawsuit charged.
這次打算控告的產品包括這些 (這邊提到的 Zak 是原告)：
Zak is seeking millions of dollars of damages for buyers of headphones and speakers, including QuietComfort 35, QuietControl 30, SoundLink Around-Ear Wireless Headphones II, SoundLink Color II, SoundSport Wireless and SoundSport Pulse Wireless.
The case is Zak v Bose Corp, U.S. District Court, Northern District of Illinois, No. 17-02928.
不需要任何外掛或 exploit，就純粹是利用 cache 反應時間的 side-channel attack。另外由於 AMD 的 cache 架構不同，這次的攻擊實作僅對 Intel 有效：
The Intel cache micro-architecture isinclusive– all elements in the L1 cache must also exist in the L2 and L3 caches. Conversely, if a memory element is evicted fromthe L3 cache, it is also immediately evicted from the L2 and L1 cache. It should be noted that the AMD cachemicro-architecture is exclusive, and thus the attacks described in this report are not immediately applicable tothat platform.