Critical Bluetooth Vulnerabilities Found in Popular Audio Devices
In a major cybersecurity revelation, researchers have identified serious Bluetooth vulnerabilities affecting 29 popular wireless audio devices from top brands like Sony, Bose, Marshall, JBL, and Jabra. These flaws can potentially allow hackers to eavesdrop on conversations, steal private data, or even remotely control devices—raising alarms for both consumers and device manufacturers.
The vulnerabilities, disclosed at the TROOPERS cybersecurity conference in Germany, stem from weaknesses in the Airoha System-on-Chip (SoC), which powers many True Wireless Stereo (TWS) headphones, microphones, and speakers.
What Exactly Is at Risk?
Security researchers at ERNW, the German cybersecurity firm that discovered the issue, revealed three separate vulnerabilities in Airoha’s SoC:
- CVE-2025-20700: GATT service authentication flaw (risk score: 6.7)
- CVE-2025-20701: Bluetooth BR/EDR authentication flaw (risk score: 6.7)
- CVE-2025-20702: User protocol vulnerability (risk score: 7.5)
These flaws, while requiring proximity to the target and advanced technical knowledge, could be exploited to intercept audio streams, issue commands to connected smartphones, or even initiate unauthorized phone calls.
What Can Hackers Do?
With a custom-built exploit, the researchers were able to:
- Listen in real-time to whatever was being played through the device.
- Access call logs and contact lists from paired smartphones.
- Initiate calls to arbitrary numbers.
- Eavesdrop on conversations near the smartphone’s microphone.
- Modify device firmware, opening the door for broader malware attacks.
This attack relies on intercepting and manipulating the Bluetooth Hands-Free Profile (HFP), a standard feature on most wireless audio accessories. If a hacker gains control of the Bluetooth connection, they can send voice commands to the phone, simulate user interactions, and access data without detection.
Affected Devices: The Full List
A total of 29 devices are known to be vulnerable. Here’s a breakdown of the impacted brands and models:
Sony: WF-1000XM3, WF-1000XM4, WF-1000XM5, WH-1000XM4, WH-1000XM5, WH-1000XM6, WH-CH520, CH-720N, LinkBuds S, ULT Wear, WF-C500, WF-C510-GFP, WH-XB910N, WI-C100
Bose: QuietComfort Earbuds
Marshall: ACTON III, MAJOR V, MINOR IV, MOTIF II, STANMORE III, WOBURN III
JBL: Endurance Race 2, Live Buds 3
Jabra: Elite 8 Active
JLab: Epic Air Sport ANC
Beyerdynamic: Amiron 300
Teufel: Tatws2
MoerLabs: EchoBeatz
EarisMax: Bluetooth Auracast Sender
Each of these devices uses a vulnerable Airoha chipset, a family widely adopted for its performance in wireless audio streaming.
Is This a Real-World Threat?
According to ERNW, these vulnerabilities are not easily exploited by average hackers. They require:
- Close physical proximity (within Bluetooth range)
- Sophisticated technical skills
- Custom-coded exploits
However, the fact that attackers can potentially gain full access to personal calls and steal sensitive contact data makes this an urgent issue, particularly for journalists, politicians, business professionals, and others who deal with confidential conversations.
Mitigation and Manufacturer Response
The good news? Airoha has already released an updated SDK (software development kit) that addresses these vulnerabilities. Device manufacturers are now working on patches and firmware updates to roll out across the affected models.
If you own one of these devices, it’s crucial to:
- Check the manufacturer’s website for available updates.
- Install firmware patches as soon as they are released.
- Avoid using Bluetooth devices in sensitive environments until updates are confirmed.
- Disable Bluetooth when not in use to reduce potential exposure.
A Wake-Up Call for Bluetooth Security
This incident highlights a broader issue in the Internet of Things (IoT) space: even our most trusted everyday devices can harbor hidden risks. Bluetooth, a technology we’ve come to rely on for hands-free convenience, is increasingly becoming a target for advanced cyberattacks.
While these particular vulnerabilities may be complex to exploit, they serve as a warning sign for manufacturers to take proactive steps toward better encryption, authentication, and firmware security. For users, staying informed and keeping devices updated is now more important than ever.
Conclusion: Don’t Let Convenience Compromise Your Privacy
The discovery of multiple Bluetooth vulnerabilities in widely used wireless devices is a serious reminder of how fragile digital security can be. While the chances of being targeted are low, the potential damage is high—from stolen contacts to full-on eavesdropping.
As updates become available, users are encouraged to patch their devices immediately and remain vigilant about how and where they use their Bluetooth gadgets. With manufacturers taking swift action, the hope is that stronger defenses will be in place before these flaws are used in the wild.