Bluetooth Headphone security Flaws Expose Millions to Hacking Risks
Table of Contents
Millions of Bluetooth headphones and earbuds are vulnerable to critical security flaws that coudl allow hackers to hijack devices and compromise connected smartphones, even without pairing. Researchers have discovered vulnerabilities in headsets using chips made by Airoha, potentially exposing user data and privacy.
The Vulnerabilities explained
German cybersecurity firm ERNW revealed three significant vulnerabilities – CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702 – within the ‘RACE’ Bluetooth protocol used by Airoha chipsets [[3]]. This protocol is designed for device inspection and firmware updates but lacks robust security authentication, allowing unauthorized access. When combined, these vulnerabilities pose a considerable threat to user security. The researchers presented these findings at the black Hat security conference, underscoring their significance [[3]].
How the ‘Headphone Jacking’ Attack Works
Researchers demonstrate a technique dubbed ‘headphone jacking’ where malicious actors can gain access to a Bluetooth headset within a 10-meter range without requiring pairing [[1]]. By exploiting the vulnerabilities, attackers can steal the “Bluetooth link key” – the identifier used to connect the headset to a smartphone.With this key, the attacker can then impersonate the legitimate headset, tricking the smartphone into establishing a connection. [[1]]
Affected Devices and Brands
A wide range of devices utilizing the vulnerable Airoha chipsets are affected. This includes popular models from major brands:
- Sony: 14 devices, including the flagship WH-1000XM6 [[3]].
- marshall: 6 devices, including the Major V [[3]].
- JBL: 29 devices, including the Live Buds 3 [[3]].
- Other Brands: Sony, Bose, and JBL are among the many companies with devices impacted [[2]].
Potential Risks to Users
A prosperous headphone jacking attack can have serious consequences:
- Data Theft: hackers can access call history and contact information stored on the connected smartphone.
- Remote Control: Attackers can activate voice assistants (like Google Assistant or Apple Siri) to make calls,send messages,or control other smartphone functions.
- Eavesdropping: The attacker can potentially eavesdrop on surrounding audio [[2]].
Manufacturer response and Mitigation
Airoha released a Software Progress Kit (SDK) containing security patches to address these vulnerabilities. Though, reports indicate that some major manufacturers where slow to respond and implement the necessary updates [[1]].
Protecting Yourself: what You Can Do
Users can take the following steps to mitigate the risk:
- Update Firmware: Regularly check for and install the latest firmware updates for yoru Bluetooth headphones and earbuds through the manufacturer’s official app.
- Delete Pairing Lists: periodically clear old or unused pairing lists from your smartphone’s Bluetooth settings.
- Exercise Caution in Public: Be mindful of using bluetooth devices in public places where the risk of interception may be higher.
Looking Ahead
These vulnerabilities highlight the growing importance of security in the rapidly expanding world of wireless audio devices. A prompt response from manufacturers to address these security flaws is crucial for protecting user privacy and data. Ongoing vigilance and proactive security measures are necessary to counter emerging threats in the Bluetooth ecosystem.