
Bluetooth Flaws Allow Hackers to Eavesdrop via Headphones and Earbuds

Security researchers have uncovered severe vulnerabilities in Bluetooth headphones and earbuds using Airoha Systems-on-Chip (SoCs), enabling attackers within Bluetooth range (~10 meters) to compromise devices without requiring full authentication.

The flaws affect products from major brands including Sony, Bose, Marshall, and Jabra, exposing users to eavesdropping, data theft, and device hijacking.

Exploitable Attack Vectors

Three critical CVEs facilitate the attacks: CVE-2025-20700 (missing GATT service authentication), CVE-2025-20701 (unauthenticated Bluetooth BR/EDR access), and CVE-2025-20702 (unsecured custom protocol). These allow:

  • RAM/flash memory read/write access via BLE GATT or RFCOMM channels
  • Extraction of Bluetooth link keys to impersonate trusted devices
  • Eavesdropping via microphone hijacking or call redirection
  • Theft of media playback data, contacts, and call logs

Notably, attackers can make the exploit wormable by rewriting device firmware so that it propagates malicious code.

Confirmed Affected Devices

Testing confirmed vulnerabilities across entry-level and flagship models, including:

| Brand | Affected Models |
|---|---|
| Sony | WH-1000XM6, WF-1000XM5, CH-720N, 10+ others |
| Marshall | MAJOR V, MINOR IV, ACTON III, 5 models |
| Bose | QuietComfort Earbuds |
| Jabra | Elite 8 Active |
| JBL | Live Buds 3, Endurance Race 2 |

The full scope remains unknown due to supply-chain opacity, with some vendors unaware they use Airoha SoCs.

Mitigation and Patch Timeline

Airoha released SDK patches to manufacturers in early June 2025, but no firmware updates are yet available to consumers.

High-risk individuals (journalists, diplomats) should:

  1. Discontinue use of affected devices
  2. Delete Bluetooth pairings from connected phones
  3. Monitor manufacturer updates

Disclosure timeline:

  • March 25, 2025: Initial report to Airoha
  • May 27, 2025: First response from Airoha, after a period of silence
  • June 4, 2025: Patched SDK distributed to vendors
  • June 26, 2025: Public advisory released
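
For the mitigation step of deleting pairings, the following added example (not from the article or the researchers) audits a Linux host's `bluetoothctl devices` listing against the models named in the table above and builds the `bluetoothctl remove` commands for review. The sample listing and its addresses are constructed, and the model list covers only the names the article gives.

```python
import re

# Models named in this article's "Confirmed Affected Devices" table only;
# the article says the real list is longer ("10+ others", "5 models").
AFFECTED = {
    "Sony": ["WH-1000XM6", "WF-1000XM5", "CH-720N"],
    "Marshall": ["MAJOR V", "MINOR IV", "ACTON III"],
    "Bose": ["QuietComfort Earbuds"],
    "Jabra": ["Elite 8 Active"],
    "JBL": ["Live Buds 3", "Endurance Race 2"],
}

# Constructed sample of `bluetoothctl devices` output (not real devices).
SAMPLE = """\
Device 00:11:22:33:44:55 WH-1000XM6
Device 00:11:22:33:44:66 LE_WF-1000XM5
Device 00:11:22:33:44:77 MAJOR IV
Device 00:11:22:33:44:88 Jabra Elite 8 Active
Device 00:11:22:33:44:99 Office Keyboard
"""

LINE = re.compile(r"^Device\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(.+)$")

def tokens(text):
    """Lower-case alphanumeric tokens: 'LE_WH-1000XM6' -> le, wh, 1000xm6."""
    return re.findall(r"[a-z0-9]+", text.lower())

def contains_seq(hay, needle):
    """True if the token list `needle` appears contiguously inside `hay`."""
    return any(hay[i:i + len(needle)] == needle for i in range(len(hay) - len(needle) + 1))

def audit(listing):
    """Return (mac, name, brand, model) for paired devices naming an affected model."""
    hits = []
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip prompts, blank lines and anything that is not a device row
        mac, name = m.group(1), m.group(2)
        for brand, models in AFFECTED.items():
            for model in models:
                # Whole-token match, so "MAJOR IV" does not match "MAJOR V".
                if contains_seq(tokens(name), tokens(model)):
                    hits.append((mac.upper(), name, brand, model))
    return hits

def removal_commands(hits):
    """Commands for an operator to review and run; nothing is executed here."""
    return [f"bluetoothctl remove {mac}" for mac, *_ in hits]
```

Device names can be changed by the user, so a name match is a prompt to check the model, and a miss does not clear a device.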

The vulnerabilities highlight systemic risks in IoT supply chains, where obscured component origins impede vulnerability management.

While complex attacks require proximity and technical skill, the flaws demonstrate critical infrastructure weaknesses in widely deployed consumer devices.


The post Bluetooth Flaws Allow Hackers to Eavesdrop via Headphones and Earbuds appeared first on Cyber Security News.

rssfeeds-admin
