June 27, 2025, 3:15 pm | Read time: 3 minutes
German security researchers have discovered significant vulnerabilities in Bluetooth headphones that allow eavesdropping on conversations or initiating calls without prior pairing. Devices from numerous well-known manufacturers are affected, yet many users are likely unaware of these risks.
This involves a security vulnerability in chips from a well-known manufacturer, which are used in many Bluetooth headphones from popular brands such as Sony, Bose, JBL, Jabra, and Marshall. The discovered weaknesses allow attackers to take control of headphones remotely without needing a prior connection. Sensitive actions like eavesdropping on conversations or initiating calls are also possible under certain conditions.
Security Flaws in Bluetooth Chips Allow Remote Access
Researchers from the Heidelberg-based IT security company Enno Rey Netzwerke GmbH (ERNW) have identified several security vulnerabilities in Bluetooth chips from the Taiwanese manufacturer Airoha. The researchers presented their findings at the Troopers security conference in Heidelberg. The vulnerabilities affect several SoCs (systems-on-a-chip) from Airoha, which are used in true wireless headphones, among other devices.
Through specially programmed protocols, attackers can access the working and flash memory of the devices. It is sufficient to be within Bluetooth range–about ten meters away. Although Airoha has already provided a software update, users are still waiting in vain for firmware updates from the manufacturers.
The attack requires neither prior pairing nor authentication. It allows, among other things, the reading of current media titles, the capture of contact data, or the manipulation of existing trust relationships with paired smartphones. In practice, the researchers demonstrated how a call on the smartphone can be triggered using the read connection data–a potential gateway for eavesdropping attacks via the built-in microphone.
Read also: Critical Chip Security Flaws Endanger Numerous Smartphones
Over 100 Models Potentially Affected
According to ERNW, the security vulnerabilities have been confirmed in 29 Bluetooth headphones, but far more models are likely affected. The list includes models such as Sony WH-1000XM4 to WH-1000XM6, JBL Live Buds 3, Bose QuietComfort Earbuds, Jabra Elite 8 Active, and various Marshall devices like Major V and Stanmore III. Brands like Teufel, Jlab, Xiaomi, and others are also affected.
The researchers estimate that more than 100 different models could be vulnerable–and many manufacturers are not even aware that Airoha chips are used in their products.
Critical Chip Security Flaws Threaten Numerous Smartphones
Well-known manufacturer calls for the disposal of certain routers
U.S. Intelligence Warns Against Using Certain Routers
Updates Are Slow to Arrive
Airoha provided manufacturers with an updated version of its software on June 4. However, this must be passed on to end users by the device manufacturers in the form of a firmware update. So far, no newer firmware versions have appeared on affected devices that were created after the patch date. Users should therefore regularly check the manufacturers’ apps for updates or contact customer support.
The experts emphasize that real attacks are complex and technically demanding. They require immediate physical proximity to the target device and specialized knowledge. An attack is also not possible over the internet. Therefore, the warning is primarily directed at particularly vulnerable individuals such as journalists, diplomats, activists, or employees in security-relevant industries. For private everyday use, the risk is currently low.