Bluetooth flaw exposes millions of premium headphones to spying
Bluetooth headphones are supposed to make life easier. You put them on, press play and forget that they exist. But researchers have discovered that some of the most popular audio products on the market could be doing more than streaming your playlist.
The cybersecurity firm ERNW has revealed that 29 devices that use Airoha Bluetooth chips are vulnerable to attacks that could expose your personal data or let someone snoop on your conversations. The affected devices come from well-known brands, including Bose, Sony, JBL, Jabra and Marshall. They include headphones, earbuds, speakers and wireless microphones.

Bluetooth flaws that go beyond inconvenience
The Bluetooth flaws in question are in Airoha chips commonly used in true wireless audio devices, as reported by BleepingComputer. Three flaws were disclosed, each allowing an attacker to gain some level of unauthorized access. The most serious flaw lets an attacker read or manipulate data by exploiting a custom protocol used by the chip. All three flaws have been assigned official CVE numbers and rated between medium and high severity.
To be clear, these are not casual attacks. They require proximity and technical expertise. But when they succeed, the results are worrying. The researchers showed that they could extract call logs, contact lists and the media being played. They could even force a phone to place a call without the user's knowledge. Once connected, they could listen to any sound the phone picked up.
In a proof of concept, the researchers recovered Bluetooth link keys from a headset's memory. This allowed them to impersonate the device and hijack the connection to the phone. With that access, they could issue commands using the Bluetooth Hands-Free Profile, a feature available on most modern phones.

List of Bluetooth headphones vulnerable to the Airoha chip security flaws
ERNW researchers have identified the following devices as vulnerable:
- Beyerdynamic Amiron 300
- Bose QuietComfort Earbuds
- ATACKET ABMITTENT
- Jabra Elite 8 Active
- JBL Race 2
- JBL Live Buds 3
- JLab Epic Air Sport ANC
- Marshall Acton III
- Marshall Major v
- Marshall Minor IV
- Marshall Motif II
- Marshall Stanmore III
- Marshall Woburn III
- MoerLabs EchoBeatz
- Sony CH-720N
- Sony Link Buds S
- Sony ULT Wear
- Sony WF-1000XM3
- Sony WF-1000XM4
- Sony WF-1000XM5
- Sony WF-C500
- Sony WF-C510-GFP
- Sony WH-1000XM4
- Sony WH-1000XM5
- Sony WH-1000XM6
- Sony WH-CH520
- Sony WH-XB910N
- Sony WI-C100
- Teufel Tatws2
Keep in mind that this list may not include all products affected by these vulnerabilities. As more research emerges, the list could change. In addition, not all devices face the same risks. For example, at least one manufacturer seems to have addressed CVE-2025-20700 and CVE-2025-20701. However, we do not know whether this fix was intentional or accidental.
Because of these factors, getting a complete and accurate picture of which devices are actually safe remains a challenge. As a consumer, you should stay alert for updates and check with your device's manufacturer for the latest information.

Firmware updates are rolling out, but gaps remain
Airoha has addressed the vulnerabilities in its software development kit (SDK) and released an updated version to device manufacturers in early June. These manufacturers are now responsible for building and distributing firmware updates for the affected products. If you have not seen an update yet, one should arrive soon, although some may already be available.
However, there is a catch. According to a report by the German outlet Heise, many of the most recent firmware updates for the affected devices were released before Airoha provided its official fix. This means that some products may still be running vulnerable code despite appearing up to date.
To complicate matters, consumers are generally not notified directly about these updates. Firmware patches for headphones and similar devices are often installed silently or, in some cases, cannot be delivered at all. As a result, most users have no way of knowing whether their devices are safe or still exposed.
We reached out to the 10 companies for comment but did not receive a response before our deadline.
5 ways to stay safe from Bluetooth vulnerabilities
1. Check for firmware updates regularly: Visit the manufacturer's app or website to manually check for firmware updates, even if you have not received a notification. Automatic updates are not always reliable, especially for headphones and earbuds.
2. Turn off Bluetooth when not in use: Disabling Bluetooth when you are not actively using it reduces your exposure window and makes it harder for attackers to target your device.
3. Use devices in low-risk areas: Since these attacks require close proximity, avoid using Bluetooth audio devices in crowded or unfamiliar public places where someone nearby could exploit the vulnerabilities.
4. Pair devices with trusted sources only: Avoid pairing your Bluetooth headphones with unknown phones, computers or public terminals. Once paired, those devices can sometimes maintain a connection or re-establish one without your knowledge, which increases the risk of abuse if they are compromised.
5. Remove unused paired devices: Go to your Bluetooth settings and remove old or unknown pairings. This helps prevent unauthorized reconnections from previously trusted devices that may now be compromised.
Kurt's key takeaway
The real concern here is not the Bluetooth flaw itself, but what happens when the software inside everyday devices fails silently. Vulnerabilities like this are not unusual, but the way they are handled often leaves users in the dark. As long as consumers cannot see or control the software that runs inside their own headphones, problems like this will keep happening.
Should manufacturers be required to notify users directly when security flaws are discovered in their products? Let us know at Cyberguy.com/contact
Copyright 2025 Cyberguy.com. All rights reserved.
Kurt “Cyberguy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for News & News Business starting mornings on “News & Friends”. Do you have a tech question? Get Kurt's free newsletter, share your voice, a story idea or a comment at Cyberguy.com.


