(credit: benzoix on Freepik)

Major Security Flaw Found In Bluetooth Headphones & Earbuds

Some affected brands are Sony, JBL, Bose, Beyerdynamic, and a few more.

A German cybersecurity company recently discovered that some Bluetooth headphones and earbuds are vulnerable to hacking.

The findings come from ERNW, a German security firm, which identified serious flaws in Bluetooth audio chips produced by Taiwanese supplier Airoha. These vulnerabilities impact a wide range of products from major brands like Sony, JBL, Bose, and others.

The report says the unsecured custom protocol used in the chips made it vulnerable to attacks. An attacker within Bluetooth range—about 10 meters—can access this protocol without needing to pair with the device or provide any authentication. Once exploited, the attacker can read and write to the device’s memory and flash storage, essentially taking full control.

ERNW researchers showed several concerning attack scenarios, with the most severe involves hijacking the trusted connection between the headphones and a smartphone. By extracting Bluetooth link keys from the headphones, an attacker could impersonate the headset to the phone and then use the Hands-Free Profile (HFP) to control the device.

While ERNW suspects all devices using the affected Airoha chips are vulnerable, they only tested and confirmed a specific list of models.

  • Beyerdynamic Amiron 300
  • Bose QuietComfort Earbuds
  • EarisMax Bluetooth Auracast Sender
  • Jabra Elite 8 Active
  • JBL Endurance Race 2
  • JBL Live Buds 3
  • Jlab Epic Air Sport ANC
  • Marshall ACTON III
  • Marshall MAJOR V
  • Marshall MINOR IV
  • Marshall MOTIF II
  • Marshall STANMORE III
  • Marshall WOBURN III
  • MoerLabs EchoBeatz
  • Sony CH-720N
  • Sony Link Buds S
  • Sony ULT Wear
  • Sony WF-1000XM3
  • Sony WF-1000XM4
  • Sony WF-1000XM5
  • Sony WF-C500
  • Sony WF-C510-GFP
  • Sony WH-1000XM4
  • Sony WH-1000XM5
  • Sony WH-1000XM6
  • Sony WH-CH520
  • Sony WH-XB910N
  • Sony WI-C100
  • Teufel Tatws2

ERNW notes that for most consumers, the immediate risk is low, as carrying out such an attack requires advanced technical skills and close physical proximity. However, they warn that high-value targets—such as journalists, diplomats, or corporate executives—could be at serious risk.

Airoha has already provided a patched software development kit (SDK) to manufacturers in early June and it’s up to the brands to develop and release firmware updates for their affected products. Users should keep an eye out for updates from their device manufacturers to ensure their headphones stay secure.

Tags