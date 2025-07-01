A serious security flaw has been found in Bluetooth headphones and earbuds using chips from Taiwanese manufacturer Airoha, exposing millions of users to potential privacy threats. The vulnerability affects popular models from Sony, JBL, Bose, Jabra, Marshall, and others, allowing hackers to hijack audio devices without the need for pairing or authentication.

No pairing required for attack

Discovered by German cybersecurity firm Enno Rey Netzwerke GmbH (ERNW), the flaw lies in Airoha’s Bluetooth System-on-a-Chip (SoC), widely used in wireless audio products. According to ERNW, “The vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE). Being in Bluetooth range is the only precondition.” Attackers just need to be within 10 meters of the device to hack it.

Once in range, they can access RAM and flash memory, view currently playing media, extract contact details and even initiate phone calls using the hijacked headphones as a bridge. In some cases, the vulnerability could be used to convert earphones into makeshift microphones, raising concerns over potential surveillance.

Over 100 models are likely affected

Confirmed affected devices include premium models such as the Sony WH-1000XM6, Bose QuietComfort Earbuds, JBL Live Buds 3, Jabra Elite 8 Active, and several products from Marshall. ERNW estimates that over 100 models may be vulnerable, as many brands unknowingly use Airoha chips through third-party sourcing.

At the Troopers conference in Heidelberg, researchers revealed three vulnerabilities, one critical and two high-risk. The flaws could expose phone numbers, reveal call data or allow attackers to manipulate trust relationships between headphones and connected smartphones.

ERNW released a list of devices that are confirmed to be vulnerable:

Beyerdynamic Amiron 300

Bose QuietComfort Earbuds

EarisMax Bluetooth Auracast Sender

Jabra Elite 8 Active

JBL Endurance Race 2

JBL Live Buds 3

Jlab Epic Air Sport ANC

Marshall ACTON III

Marshall MAJOR V

Marshall MINOR IV

Marshall MOTIF II

Marshall STANMORE III

Marshall WOBURN III

MoerLabs EchoBeatz

Sony CH-720N

Sony Link Buds S

Sony ULT Wear

Sony WF-1000XM3

Sony WF-1000XM4

Sony WF-1000XM5

Sony WF-C500

Sony WF-C510-GFP

Sony WH-1000XM4

Sony WH-1000XM5

Sony WH-1000XM6

Sony WH-CH520

Sony WH-XB910N

Sony WI-C100

Teufel Tatws2 Please note that these are the confirmed devices that have been exposed to a hijacking threat. Researchers say there could be more.

Fix released, but no firmware updates yet

Airoha released a patched Software Development Kit (SDK) to manufacturers on June 4. However, as of now, no firmware updates have reached consumers. ERNW urges users to regularly check brand apps for updates or contact support directly.

Although the flaws are technically complex and require close physical proximity, ERNW advises heightened caution for high-risk users such as journalists, diplomats and government personnel. For everyday users, the immediate threat remains comparatively lower.