News + Trends

Headphones as a bug: security vulnerability discovered in Bluetooth chip

27.6.2025

Translation: machine translated

Headphones can be hacked and controlled via a security vulnerability. This has been confirmed by German security researchers. Theoretically, this could be used to trigger calls or use the microphone as a bug.

Researchers from the German security company ERNW (Enno Rey Netzwerke GmbH) have discovered and reported a serious vulnerability in Bluetooth headphones. Bluetooth headphones that use chips from the Taiwanese manufacturer Airoha are affected - and there are a lot of them. The manufacturers affected include well-known brands such as Sony, JBL, Bose and Marshall. But the problem affects millions of headphones, at least in theory. These could be exposed to attacks.

What exactly is the problem?

The problem lies in the Bluetooth chips from Airoha, a supplier that is particularly well known for true wireless headphones. These chips enable the transmission of sound signals from smartphones to in-ear headphones, for example. Airoha has integrated a proprietary protocol into its chips that theoretically allows attackers to access the flash memory and RAM of the devices wirelessly - without the need for authorisation or the usual pairing.

What could happen?

Security researchers from ERNW were able to manipulate the protocol in such a way that they could take control of Bluetooth headphones, i.e. hijack the connection between a headset and the user's smartphone without them realising anything.

For example, the attackers could read the headphones' RAM to find out which media is currently being played - a rather harmless scenario. More serious is the realisation that the researchers were also able to read the user's phone number and call logs. In some cases, it was even possible to search through the smartphone's address book.

Especially worrying: the researchers were able to manipulate the headphones so that they functioned like a bug. By pretending to be the connected smartphone, the attackers were able to activate the headphones' microphones and forward recorded conversations to themselves. However, it was also possible to trigger calls in the tests.
The researchers at ERNW categorised the vulnerabilities as critical (CVE-2025-20702, CVss 9.6/10), while Airoha, the manufacturer of the affected chip, played down the severity. According to Airoha, the attacks are too complex and the impact on the connected devices is low.

Which headphones are affected

The researchers tested a wide range of headphone models, but the list of affected devices is likely to be much longer. Some popular models from major manufacturers were affected in the test, such as Sony, JBL and Bose. Apple's Airpods were not affected, as they have different chips installed.
The following models have already been confirmed:

Beyerdynamic Amiron 300
Bose QuietComfort Earbuds
EarisMax Bluetooth Auracast transmitter
Jabra Elite 8 Active
JBL Endurance Race 2
JBL Live Buds 3
Jlab Epic Air Sport ANC
Marshall ACTON III
Marshall MAJOR V
Marshall MINOR IV
Marshall MOTIF II
Marshall STANMORE III
Marshall WOBURN III
MoerLabs EchoBeatz
Sony CH-720N
Sony Link Buds S
Sony ULT Wear
Sony WF-1000XM3
Sony WF-1000XM4
Sony WF-1000XM5
Sony WF-C500
Sony WF-C510-GFP
Sony WH-1000XM4
Sony WH-1000XM5
Sony WH-1000XM6
Sony WH-CH520
Sony WH-XB910N
Sony WI-C100
Teufel Airy TWS 2

Chips have been patched, headphone firmware not (yet)

Airoha made an updated software development kit available at the beginning of June to fix the vulnerability. The ball is now in the headphone manufacturers' court, who must provide their products with the necessary security updates. Until then, users will have to be patient. After all, an attack on a private individual's headphones seems very unlikely.

Header image: Shutterstock

46 people like this article

Florian Bodoky

Editor

Florian.Bodoky@digitecgalaxus.ch

I've been tinkering with digital networks ever since I found out how to activate both telephone channels on the ISDN card for greater bandwidth. As for the analogue variety, I've been doing that since I learned to talk. Though Winterthur is my adoptive home city, my heart still bleeds red and blue.

Audio

Follow topics and stay updated on your areas of interest

News + Trends

From the latest iPhone to the return of 80s fashion. The editorial team will help you make sense of it all.

Show all

14 comments

later

Search

Headphones as a bug: security vulnerability discovered in Bluetooth chip

What exactly is the problem?

What could happen?

Which headphones are affected

Chips have been patched, headphone firmware not (yet)

14 comments

Top 10 categories

Go to

14 comments

Digitec Deal of the day