A significant safety flaw affecting thousands and thousands of Bluetooth headphones and earbuds has been found, permitting attackers to remotely hijack units and spy on customers with out requiring any authentication or pairing.
Abstract
1. Vital flaws have an effect on thousands and thousands of Bluetooth headphones from Sony, Marshall, Bose utilizing Airoha chips – attackers solely want 10-meter proximity.
2. No pairing required – hackers exploit BLE GATT and RFCOMM protocols to regulate system reminiscence utterly.
3. Microphone eavesdropping, contact/name theft, unauthorized calls, potential malware unfold between units.
4. Fixes obtainable to producers since June 2025, however no public firmware updates launched but.
The vulnerabilities, recognized by cybersecurity researchers at ERNW, have an effect on units utilizing Airoha Techniques on a Chip (SoCs) and affect standard manufacturers together with Sony, Marshall, Beyerdynamic, and Bose.
Vital Flaws Allow Full System Takeover
The safety advisory reveals three vital vulnerabilities reminiscent of:
CVE-2025-20700 (Lacking Authentication for GATT Companies)
CVE-2025-20701 (Lacking Authentication for Bluetooth BR/EDR)
CVE-2025-20702 (Vital Capabilities of a Customized Protocol)
These flaws expose a strong customized protocol via BLE GATT (Bluetooth Low Power Generic Attribute Profile) and RFCOMM channels by way of Bluetooth Basic, permitting attackers to learn and write system RAM and flash reminiscence with none authentication.
The vulnerabilities have an effect on each Bluetooth BR/EDR (Bluetooth Basic) and Bluetooth Low Power (BLE) connections, requiring solely that attackers be inside Bluetooth vary of roughly 10 meters.
CVEsDescriptionImpactCVSS ScoreCVE-2025-20700Missing Authentication for GATT ServicesRead/write system reminiscence, entry delicate knowledge 8.8 (Excessive)CVE-2025-20701Missing Authentication for Bluetooth BR/EDRComplete system takeover8.8 (Excessive)CVE-2025-20702Critical Capabilities of a Customized ProtocolFull RAM and flash reminiscence entry, Bluetooth hyperlink key extraction, system impersonation9.6 (Vital)
As soon as exploited, hackers can execute refined assaults, together with studying at present taking part in media from system RAM, establishing unauthorized HFP (Palms-Free Profile) connections to eavesdrop via microphones, and extracting Bluetooth hyperlink keys from flash reminiscence to impersonate trusted units
Media Information Exploit
Main Manufacturers and Fashions Affected
The analysis confirms vulnerabilities throughout a variety of shopper audio units, from entry-level to flagship fashions.
Affected units embody a number of Sony fashions such because the WH-1000XM4, WH-1000XM5, WF-1000XM5, and WF-C500. Marshall’s whole product line seems compromised, together with the ACTON III, MAJOR V, MINOR IV, and STANMORE III audio system.
Different confirmed weak units embody the Beyerdynamic Amiron 300, Bose QuietComfort Earbuds, Jabra Elite 8 Energetic, and numerous JBL fashions.
The scope extends past shopper headphones to incorporate wi-fi audio system, dongles, {and professional} audio gear.
Many producers stay unaware that their units use weak Airoha SoCs, as Bluetooth modules are sometimes outsourced throughout improvement.
Airoha launched SDK updates with safety mitigations to system producers in early June 2025, however no firmware updates have been publicly launched but.
The corporate’s response got here after a 90-day disclosure interval, throughout which researchers tried a number of contact strategies earlier than receiving acknowledgment.
The vulnerabilities create a “wormable” exploit situation the place compromised units may probably unfold malware to different weak units via their GATT providers and traits.
Whereas the technical boundaries for exploitation stay excessive, requiring proximity and superior technical expertise, the vulnerabilities pose important dangers for high-value targets, together with journalists, diplomats, and VIPs.
Customers are suggested to watch their system producers’ web sites for firmware updates and contemplate eradicating Bluetooth pairings in the event that they consider their system could also be focused.
Examine dwell malware habits, hint each step of an assault, and make quicker, smarter safety selections -> Attempt ANY.RUN now
