Popular Bluetooth headphones from Sony, Bose, and JBL found to have security flaws


Bluetooth headphones are designed to simplify life. You wear them, hit play, and carry on without thinking about them. However, researchers have discovered that some of the most popular audio devices on the market may be doing more than just playing your music.

ERNW, a cybersecurity firm, has disclosed that 29 devices utilizing Airoha Bluetooth chips are susceptible to attacks that could potentially expose your personal information or allow unauthorized eavesdropping on your conversations. The impacted devices are from reputable brands like Bose, Sony, JBL, Jabra, and Marshall, and include headphones, earbuds, speakers, and wireless microphones.



A pair of Bluetooth headphones next to a laptop (Kurt “CyberGuy” Knutsson)

Bluetooth vulnerabilities that extend beyond inconvenience

The vulnerabilities reside in Airoha chips, which are commonly found in true wireless audio devices, as reported by BleepingComputer. Three vulnerabilities have been identified, each giving an attacker some degree of unauthorized access. The most critical one allows an attacker to read or manipulate data by exploiting a custom protocol used by the chip. All three have been assigned official CVE numbers and are rated between medium and high severity.


It is important to note that these are not casual attacks. They require close proximity and technical expertise. However, if successful, the consequences are alarming. Researchers demonstrated the ability to extract call logs, contact lists, and media being played. They could even initiate a call from a phone without the user’s awareness. Once connected, they could eavesdrop on any sound captured by the phone.

In a proof-of-concept scenario, the researchers retrieved Bluetooth link keys from a headphone’s memory. This allowed them to impersonate the device and take control of the connection to the phone. With this access, they could issue commands using the Bluetooth Hands-Free Profile, a feature present in most modern phones.


Bluetooth headphones and audio devices vulnerable to Airoha chip security flaws

ERNW researchers have identified the following devices as vulnerable:

  • Beyerdynamic Amiron 300
  • Bose QuietComfort Earbuds
  • EarisMax Bluetooth Auracast Sender
  • Jabra Elite 8 Active
  • JBL Endurance Race 2
  • JBL Live Buds 3
  • Jlab Epic Air Sport ANC
  • Marshall ACTON III
  • Marshall MAJOR V
  • Marshall MINOR IV
  • Marshall MOTIF II
  • Marshall STANMORE III
  • Marshall WOBURN III
  • MoerLabs EchoBeatz
  • Sony CH-720N
  • Sony Link Buds S
  • Sony ULT Wear
  • Sony WF-1000XM3
  • Sony WF-1000XM4
  • Sony WF-1000XM5
  • Sony WF-C500
  • Sony WF-C510-GFP
  • Sony WH-1000XM4
  • Sony WH-1000XM5
  • Sony WH-1000XM6
  • Sony WH-CH520
  • Sony WH-XB910N
  • Sony WI-C100
  • Teufel Tatws2


It is important to understand that this list may not encompass every product impacted by these vulnerabilities. As more research is conducted, the list could evolve. Additionally, not all devices face the same risks. For example, it appears that at least one manufacturer has already addressed CVE-2025-20700 and CVE-2025-20701. However, it is unclear whether this fix was intentional or accidental.

Due to these variables, obtaining a comprehensive and accurate understanding of which devices are genuinely secure remains challenging. As a consumer, it is advisable to stay vigilant for updates and consult with your device’s manufacturer for the most up-to-date information.


Firmware updates being rolled out but gaps persist

Airoha has addressed the vulnerabilities in its software development kit (SDK) and provided an updated version to device manufacturers in early June. These manufacturers are now tasked with creating and distributing firmware updates to affected products. If you have not received an update yet, it should be on its way, although some updates may already be accessible.

However, there is a caveat. According to a report by German publication Heise, many of the most recent firmware updates for affected devices were released before Airoha issued its official solution. This implies that some products may still be running vulnerable code despite appearing to be up to date.

To add to the complexity, consumers are typically not directly informed about these updates. Firmware patches for headphones and similar devices often install silently or may not be delivered at all. Consequently, most users are unaware of whether their devices are secure or still exposed to risks.

We attempted to contact all 10 companies for a statement, but did not receive a response before our deadline.

5 ways to safeguard yourself from Bluetooth vulnerabilities

1. Regularly check for firmware updates: Visit the manufacturer’s app or website to manually check for firmware updates, even if you have not received a notification. Automatic updates may not always be reliable, particularly for headphones and earbuds.

2. Turn off Bluetooth when not in use: Deactivating Bluetooth when it is not actively in use reduces your exposure window and makes it more challenging for attackers to target your device.

3. Use devices in low-risk environments: Since these attacks require close proximity, refrain from using Bluetooth audio devices in crowded or unfamiliar public settings where someone nearby could exploit vulnerabilities.

4. Pair devices with trusted sources only: Avoid pairing your Bluetooth headphones with unfamiliar phones, computers, or public terminals. Once paired, those devices may retain a connection or reestablish one without your knowledge, heightening the risk of exploitation if they are compromised.

5. Remove unused paired devices: Access your Bluetooth settings and delete old or unfamiliar pairings. This helps prevent unauthorized reconnections from previously trusted devices that may now be compromised.
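For step 5 on a Linux machine, the sketch below is an added example (not from ERNW or the article's author) that reads `bluetoothctl devices` output and flags entries whose name contains a model from the list above. It assumes the advertised name includes the model string; the sample output is constructed, and a match only means the firmware should be checked, since the list may be incomplete and patch status varies.

```python
import re

# Models named in the article's ERNW list (brand first, then model).
AFFECTED = """Beyerdynamic Amiron 300; Bose QuietComfort Earbuds;
EarisMax Bluetooth Auracast Sender; Jabra Elite 8 Active; JBL Endurance Race 2;
JBL Live Buds 3; Jlab Epic Air Sport ANC; Marshall ACTON III; Marshall MAJOR V;
Marshall MINOR IV; Marshall MOTIF II; Marshall STANMORE III; Marshall WOBURN III;
MoerLabs EchoBeatz; Sony CH-720N; Sony Link Buds S; Sony ULT Wear; Sony WF-1000XM3;
Sony WF-1000XM4; Sony WF-1000XM5; Sony WF-C500; Sony WF-C510-GFP; Sony WH-1000XM4;
Sony WH-1000XM5; Sony WH-1000XM6; Sony WH-CH520; Sony WH-XB910N; Sony WI-C100;
Teufel Tatws2""".split(";")

def norm(text):
    """Lowercase and drop spaces, hyphens, underscores: 'Link Buds S' == 'LinkBuds S'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

# Key on the model part only, because device names often omit the brand.
MODELS = {norm(entry.split(None, 1)[1]): entry.strip() for entry in AFFECTED}

# bluetoothctl prints one line per device: "Device <MAC> <name>"
DEVICE_LINE = re.compile(r"^Device ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) (.+)$")

def flag_paired(output):
    """Return (mac, name, listed_model) for each device matching the list."""
    hits = []
    for line in output.splitlines():
        match = DEVICE_LINE.match(line.strip())
        if not match:
            continue  # skip prompts, blank lines, anything unexpected
        mac, name = match.groups()
        for key, entry in MODELS.items():
            if key in norm(name):
                hits.append((mac, name, entry))
                break
    return hits

# Constructed sample output; MAC addresses and names are made up.
SAMPLE = """Device 00:11:22:33:44:55 WH-1000XM4
Device 66:77:88:99:AA:BB LE_LinkBuds S
Device CC:DD:EE:FF:00:11 MAJOR IV
Device 22:33:44:55:66:77 Office Keyboard"""

if __name__ == "__main__":
    for mac, name, entry in flag_paired(SAMPLE):
        print(f"{mac}  {name!r} matches listed model: {entry}")
```

Pairings that are flagged but no longer used can be removed in the system's Bluetooth settings; flagged devices still in use are the ones to check for a firmware update in the manufacturer's app.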


Kurt’s main takeaway

The true concern lies not in the Bluetooth flaw itself, but in the repercussions when the software within everyday devices fails silently. Vulnerabilities like these are not uncommon, but the handling of them often leaves users uninformed. As long as consumers are unable to see or control the software running inside their own headphones, issues like this will persist.

Should manufacturers be obligated to directly notify users when security flaws are discovered in their products? Share your thoughts with us by reaching out to us at Cyberguy.com/Contact


Copyright 2025 CyberGuy.com. All rights reserved.