
Your Bluetooth headphones might be spying on you

Researchers confirmed that 29 devices from Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel are impacted.

by Aytun Çelebi
July 1, 2025
in Cybersecurity, News

Cybersecurity firm ERNW disclosed vulnerabilities in Airoha Bluetooth chipsets affecting 29 audio devices from ten vendors, enabling potential eavesdropping and data theft.

Researchers confirmed that 29 devices from Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel are impacted. These devices include speakers, earbuds, headphones, and wireless microphones. The identified security issues could allow an attacker to gain control of a vulnerable product. On some mobile phones, an attacker within connection range might also be able to extract call history and contacts.

During the TROOPERS security conference in Germany, ERNW researchers revealed three vulnerabilities within the Airoha Systems on a Chip (SoCs), which are extensively used in True Wireless Stereo (TWS) earbuds. These issues are not classified as critical. Their exploitation requires both close physical proximity, limited by Bluetooth range, and a high level of technical skill. The vulnerabilities were assigned the following identifiers: CVE-2025-20700, with a medium severity score of 6.7, indicating missing authentication for GATT services; CVE-2025-20701, also with a medium severity score of 6.7, denoting missing authentication for Bluetooth BR/EDR; and CVE-2025-20702, which has a high severity score of 7.5, pertaining to critical capabilities of a custom protocol.



ERNW researchers developed proof-of-concept exploit code demonstrating their ability to read the currently playing media from targeted headphones. While this specific attack may not pose a significant risk, other scenarios leveraging these three vulnerabilities could allow a threat actor to hijack the connection between a mobile phone and a Bluetooth audio device. This would enable the use of the Bluetooth Hands-Free Profile (HFP) to issue commands to the phone. ERNW stated, “The range of available commands depends on the mobile operating system, but all major platforms support at least initiating and receiving calls.”

The researchers successfully triggered a call to an arbitrary number by extracting Bluetooth link keys from a vulnerable device’s memory. Depending on the phone’s configuration, an attacker could also retrieve call history and contacts. Additionally, they were able to initiate a call and “successfully eavesdrop on conversations or sounds within earshot of the phone.” There is also a potential for rewriting the vulnerable device’s firmware to enable remote code execution, which could facilitate the deployment of a wormable exploit capable of propagating across multiple devices.


Despite the serious attack scenarios presented by ERNW researchers, practical implementation at scale faces constraints. The researchers remarked, “Yes — the idea that someone could hijack your headphones, impersonate them towards your phone, and potentially make calls or spy on you, sounds pretty alarming.” They added, “Yes — technically, it is serious,” while also noting that “real attacks are complex to perform.” The requirement for both technical sophistication and physical proximity limits these attacks to high-value targets, such as individuals in diplomacy, journalism, activism, or sensitive industries.

Airoha has released an updated Software Development Kit (SDK) incorporating necessary mitigations. Device manufacturers have begun developing and distributing patches. However, the German publication Heise reported that the most recent firmware updates for more than half of the affected devices date from May 27 or earlier, preceding Airoha’s delivery of the updated SDK to its customers.

