German cybersecurity firm ERNW has disclosed critical vulnerabilities in various Bluetooth headphones and earbuds that use chips from Airoha, a Taiwanese supplier. According to the firm, these flaws could allow hackers to control devices without needing authentication or pairing, posing a significant security risk. The vulnerabilities, identified as CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702, affect a broad range of popular products.
Among the affected devices are top-tier noise-canceling headphones like the Sony WH-1000XM series and Bose QuietComfort Earbuds, as well as models from Jabra, Beyerdynamic, and JBL. The core issue stems from an unsecured custom protocol, which allows attackers within a 10-meter range to access and manipulate the device’s memory and flash storage without formally connecting to it.
Researchers have demonstrated potential attack scenarios, the most concerning of which involves taking over the trusted connection between the headphones and a smartphone. By acquiring the Bluetooth link keys from the headphones, an attacker can mimic the headset to the phone, gaining control using the Hands-Free Profile (HFP).
While ERNW suspects that all devices using the affected Airoha chips are at risk, it tested a selection of devices and confirmed that they are vulnerable. Here’s the list of verified devices:
1. Beyerdynamic Amiron 300
2. Bose QuietComfort Earbuds
3. EarisMax Bluetooth Auracast Sender
4. Jabra Elite 8 Active
5. JBL Endurance Race 2
6. JBL Live Buds 3
7. JLab Epic Air Sport ANC
8. Various Marshall devices
9. Sony WF, WH, and WI series
10. Teufel Tatws2
Though the risk for the average user remains low, given the technical skill and proximity required for such an attack, ERNW highlights the potential danger for high-value targets like journalists or corporate executives.
Airoha has issued a patched software development kit to manufacturers. However, it’s now up to companies like Sony and Bose to create and distribute firmware updates for their products.
Consumers are advised to stay informed about updates related to their devices. Notably, the Samsung Galaxy Buds 3 Pro is unaffected by these vulnerabilities.
As technology continues to advance, remaining vigilant about these kinds of security issues is crucial to protecting personal information and maintaining privacy.






