Hacked Bluetooth earphones

Bluetooth headphones and earphones hacked: the signs that tell you whether you are the victim of an attack

The Bluetooth headphones and earphones that you use every day to listen to music, make calls or relax with a podcast could contain a surprisingly serious security flaw. A recent study conducted by ERNW, a team of German researchers, identified a set of vulnerabilities present in many wireless audio devices, linked to the use of particular Bluetooth chips produced by the Taiwanese company Airoha and used by dozens of brands including Sony, Marshall, Bose, Jabra and JBL.

Under specific conditions, the discovered flaw allows an attacker to take control of your headphones without any authentication or pairing process. The fundamental requirement? Being within Bluetooth range, that is, within ten meters of you.

The good news is that this type of attack requires advanced skills, specific tools and the physical presence of the attacker nearby. The bad news is that, if all these conditions are met, an attacker could intercept what you are listening to, capture audio from the microphone or, in the most serious cases, impersonate your headphones and send commands to your smartphone, for example to start calls without you realizing it. In this in-depth analysis, besides explaining in more detail how attackers can target your Bluetooth headphones, we offer some tips on the signs that can tell you whether you are the victim of an attack of this type.

What the discovered vulnerability is and what you risk

Everything starts from a family of chips called SoCs (System on a Chip), produced by Airoha, an important player in the TWS (True Wireless Stereo) earphone sector. These chips are integrated into many audio devices and manage all Bluetooth communications. Some of these models mistakenly expose an unprotected communication protocol, which allows anyone within range to read and write data in the device's memory. In practice, it is as if a back door on your headset had been left open, accessible to anyone close enough to walk through it without asking for permission.

The researchers identified three main flaws, registered as CVE-2025-20700, CVE-2025-20701 and CVE-2025-20702, with severity levels between high and critical. These vulnerabilities offer a would-be attacker numerous possibilities. Those mentioned by the researchers are listed below.

  • Reading the contents of RAM: this allows attackers to read information about the audio being played, as highlighted in the following image.
The screenshot highlights some of the information that attackers can obtain by reading the RAM, including the track name (Aura), the album name (ArtPop), the artist name (Lady Gaga) and the musical genre (Pop). Credit: ERNW.

  • Microphone control: attackers can exploit the vulnerability to activate the microphone without permission and use it as a listening “bug”, redirecting the microphone audio to other Bluetooth devices. On this point, the researchers explained:

The set of vulnerabilities opens up multiple eavesdropping scenarios. The simplest implementation of an eavesdropping attack takes advantage of the broken BR/EDR pairing. We have shown that it is possible to simply establish a Bluetooth HFP connection with vulnerable devices and listen to what their microphone is recording. However, since these devices are able to manage only one Bluetooth audio connection, all previous connections to the headphones will be dropped, making the attack not very stealthy. To go unnoticed, the headphones must be turned on but not in active use.

  • Control of the connected device: ERNW was able to demonstrate an exploit that triggered a call to an arbitrary number from the smartphone and, according to the researchers, “the established call made it possible to successfully eavesdrop on conversations or sounds within earshot of the phone”. Control of the connected device also makes it possible to extract the call history and the stored contacts.

On a technical level, these vulnerabilities are exposed in two ways: one via BLE (Bluetooth Low Energy), the other via Bluetooth BR/EDR. In both cases, the lack of authentication allows the attacker to access the device without any prior pairing. This makes the attack much easier for those with the necessary skills, but it remains relatively out of reach for users with less advanced IT skills.

In light of all this, to sum up, we can say that the situation is serious. However, there is no need to give in to alarmism, given that, according to the researchers, attacks must meet the following conditions:

(1) Bluetooth only works over a short distance. To exploit the vulnerability, an attacker must be physically close to you, for example in the same room, bar or bus. This is the only technical condition.

(2) The attacker must carry out multiple technical steps flawlessly without being noticed, which requires a high level of technical skill.

The models involved

ERNW's report includes a list of the models involved. Although the list may not be exhaustive, we reproduce it below.

  • Beyerdynamic Amiron 300
  • Bose QuietComfort Earbuds
  • EarisMax Bluetooth Auracast Sender
  • Jabra Elite 8 Active
  • JBL Endurance Race 2
  • JBL Live Buds 3
  • Jlab Epic Air Sport ANC
  • Marshall Acton III
  • Marshall Major V
  • Marshall Minor IV
  • Marshall Motif II
  • Marshall Stanmore III
  • Marshall Woburn III
  • MoerLabs EchoBeatz
  • Sony CH-720N
  • Sony Link Buds S
  • Sony ULT Wear
  • Sony WF-1000XM3
  • Sony WF-1000XM4
  • Sony WF-1000XM5
  • Sony WF-C500
  • Sony WF-C510-GFP
  • Sony WH-1000XM4
  • Sony WH-1000XM5
  • Sony WH-1000XM6
  • Sony WH-CH520
  • Sony WH-XB910N
  • Sony WI-C100
  • Teufel Tatws2

Jabra, one of the manufacturers involved, confirmed the existence of the problem to Forbes:

At Jabra we are aware of the recently discovered Bluetooth vulnerability for Airoha chipset devices, which include the Jabra Elite 8 and Elite 10 headsets. We took measures immediately to work on a firmware update to include Airoha’s security patch, and this will be launched very soon. Jabra continues to support the Elite 8 and 10 earphones despite having discontinued production of the Elite product line last year. We want to emphasize that no other Jabra audio device or viewer within our portfolio is affected by this vulnerability.

How to tell if your Bluetooth headphones and earphones have been hacked

How, then, can you tell if your headphones have been compromised? The researchers did not provide information about this. You can, however, pay attention to some possible signs of intrusion common to attacks involving the Bluetooth protocol. First, if you notice abnormal battery drain on the headphones (or even on your smartphone), unusual overheating or sudden malfunctions, you should look into it, as these could be clues to unauthorized access to a Bluetooth device.

Another clue not to be ignored is an inexplicable increase in mobile data use: in some attacks, intercepted information is automatically sent over the Internet, which increases data traffic. And again: if you notice calls you never made, unknown contacts saved in the address book, or new apps that you don’t remember installing, there is the possibility that someone has gained unauthorized access, perhaps precisely through your headphones.

So how can you defend yourself? First of all, check whether your wireless earphones or headphones model is among those potentially vulnerable (referring to the list of models reported by ERNW that we reproduced in the previous section), bearing in mind that the list is not exhaustive. Regularly check for firmware updates for your headphones and install them as soon as they are released. Until then, if you have specific concerns or find yourself in sensitive environments, consider turning off Bluetooth and using wired headphones.