Bluetooth vulnerabilities in headphones

A set of security flaws has been uncovered in millions of Bluetooth headphones and earbuds, enabling an attacker within Bluetooth range to hijack devices and spy on users without pairing or any other authentication. Identified by security researchers at ERNW, the vulnerabilities affect devices built on Airoha Systems on a Chip (SoCs) and impact well-known brands including Sony, Marshall, Beyerdynamic, and Bose.


The advisory highlights three critical vulnerabilities:

CVE-2025-20700: Missing Authentication for GATT Services
CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR
CVE-2025-20702: Critical Capabilities of a Custom Protocol

Between them, these flaws cover both Bluetooth Low Energy (BLE) and Bluetooth Classic (BR/EDR) connections. An attacker who exploits them can read the device's RAM, eavesdrop through the device's microphone, and impersonate trusted devices to the paired phone, all from within Bluetooth range (roughly 10 meters) and without first pairing with the target.
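To make the first advisory entry concrete, here is an added illustration (not ERNW's proof of concept and not Airoha's firmware) of the bug class "missing authentication on a GATT service": a vendor characteristic that accepts a privileged read-memory command from any connected peer, next to a handler that refuses the same command unless the link is encrypted with an authenticated pairing. The command layout, opcodes, RAM image and planted key are hypothetical stand-ins chosen for the example; only the LE security levels are taken from the Bluetooth Core Specification.

```python
"""
Added example: a vendor GATT command handler that serves privileged commands to
any peer (the bug class), beside one that checks link security first.
The command format, opcodes and RAM contents are hypothetical, not Airoha's.
"""
import struct
from dataclasses import dataclass

# LE security levels as the stack reports them after (or without) pairing
# (Bluetooth Core Specification, LE Security Mode 1).
LEVEL_NONE = 1        # unencrypted link
LEVEL_UNAUTH_ENC = 2  # encrypted, but pairing was "Just Works" (no MITM protection)
LEVEL_AUTH_ENC = 3    # encrypted with an authenticated pairing (passkey or OOB)
LEVEL_AUTH_SC = 4     # authenticated LE Secure Connections, 128-bit key

# Hypothetical vendor opcodes carried in writes to a custom characteristic.
OP_GET_VERSION = 0x10  # harmless, fine to answer for anyone
OP_READ_MEM = 0x20     # privileged: dumps device RAM
OP_WRITE_MEM = 0x21    # privileged: patches device RAM
PRIVILEGED = {OP_READ_MEM, OP_WRITE_MEM}

ERR_NOT_PERMITTED = b"\xff"
ERR_BAD_REQUEST = b"\xfe"
OK = b"\x00"
FIRMWARE_VERSION = b"1.2.3"  # constructed


@dataclass
class Link:
    """What the stack knows about the connected central."""
    peer: str
    security_level: int
    bonded: bool


class DeviceRam:
    """Constructed 256-byte RAM image with a fake pairing key planted at 0x40."""
    KEY_OFFSET = 0x40
    FAKE_LINK_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed

    def __init__(self):
        self.buf = bytearray(256)
        self.buf[self.KEY_OFFSET:self.KEY_OFFSET + 16] = self.FAKE_LINK_KEY


def build_request(op, addr, length, data=b""):
    """Hypothetical command layout: opcode:u8, address:u16 LE, length:u8, [data]."""
    return struct.pack("<BHB", op, addr, length) + data


def _parse(payload):
    if len(payload) < 4:
        return None
    return struct.unpack("<BHB", payload[:4])


def vulnerable_handler(link, payload, ram):
    """Answers every opcode for every peer; never consults link security."""
    parsed = _parse(payload)
    if parsed is None:
        return ERR_BAD_REQUEST
    op, addr, length = parsed
    if op == OP_GET_VERSION:
        return FIRMWARE_VERSION
    if op == OP_READ_MEM:
        return bytes(ram.buf[addr:addr + length])
    if op == OP_WRITE_MEM:
        data = payload[4:4 + length]
        ram.buf[addr:addr + len(data)] = data
        return OK
    return ERR_BAD_REQUEST


def hardened_handler(link, payload, ram):
    """Privileged opcodes need a bonded peer on an authenticated, encrypted link
    (level 3 or 4) and an in-bounds address; anything else is refused."""
    parsed = _parse(payload)
    if parsed is None:
        return ERR_BAD_REQUEST
    op, addr, length = parsed
    if op == OP_GET_VERSION:
        return FIRMWARE_VERSION
    if op not in PRIVILEGED:
        return ERR_BAD_REQUEST
    if not link.bonded or link.security_level < LEVEL_AUTH_ENC:
        return ERR_NOT_PERMITTED
    if length == 0 or addr + length > len(ram.buf):
        return ERR_BAD_REQUEST
    if op == OP_READ_MEM:
        return bytes(ram.buf[addr:addr + length])
    data = payload[4:4 + length]
    if len(data) != length:
        return ERR_BAD_REQUEST
    ram.buf[addr:addr + length] = data
    return OK


def demo():
    """An unpaired attacker dumps the key from the vulnerable handler, not the hardened one."""
    ram = DeviceRam()
    attacker = Link(peer="aa:bb:cc:dd:ee:ff", security_level=LEVEL_NONE, bonded=False)
    request = build_request(OP_READ_MEM, DeviceRam.KEY_OFFSET, 16)
    return vulnerable_handler(attacker, request, ram), hardened_handler(attacker, request, ram)


if __name__ == "__main__":
    leaked, refused = demo()
    print("vulnerable handler returned:", leaked.hex())
    print("hardened handler returned:  ", refused.hex())
```

The point of the contrast is that the GATT attribute permission bits alone do not help if the firmware honors a vendor command over an unencrypted or Just Works link; the check has to be on the link's actual security level, and the same gate belongs in front of any write path, since a memory write is what turns a read-only information leak into persistent control of the device.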


Affected models include popular Sony headphones like the WH-1000XM4 and WH-1000XM5, as well as Marshall speakers and various JBL models. The vulnerabilities extend to wireless speakers and professional audio equipment, with many manufacturers unaware of their devices' reliance on vulnerable Airoha SoCs.

Airoha has supplied manufacturers with updated SDKs that contain mitigations, but at the time of writing no manufacturer has shipped a public firmware update. The researchers also note that the flaws could theoretically be chained into a "wormable" exploit; in practice the attacker must be within Bluetooth range, so the greatest risk is to high-value targets such as journalists and diplomats who are followed or surveilled at close quarters.

Users should check for firmware updates from their device manufacturer (for most of these brands, delivered through the vendor's companion app) and install them as soon as they appear. Anyone who suspects a device has been targeted should remove the Bluetooth pairing on the phone and re-pair only after the device has been updated.