The vulnerabilities, tracked as CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702, affect popular brands including Sony, Marshall, JBL, Jabra, and Bose.

| CVE ID | Vulnerability | Severity | Transport |
|---|---|---|---|
| CVE-2025-20700 | Missing Authentication for GATT Services (BLE) | Critical | Bluetooth Low Energy |
| CVE-2025-20701 | Missing Authentication for Bluetooth BR/EDR | Critical | Bluetooth Classic |
| CVE-2025-20702 | Critical Capabilities in RACE Protocol | Critical | USB, BLE, Classic |

The flaws stem from Airoha’s RACE (Remote Audio Call Enhancement) protocol, a custom debugging interface exposed over Bluetooth without authentication requirements.
An attacker within Bluetooth range can connect silently to vulnerable headphones, extract cryptographic link keys stored in flash memory, and impersonate the trusted device to a victim’s smartphone.
Researchers demonstrated a four-step attack chain: first, connecting to headphones via unprotected BLE; then extracting the Bluetooth Link Key used for authentication between the headphones and the phone; and finally, impersonating the trusted headphones to gain privileged access to the victim’s device.
Once connected, attackers can trigger voice assistants, intercept calls, access contact lists, and eavesdrop on conversations via the phone’s microphone.
More than 30 device models are confirmed to be vulnerable, including the Sony WF-1000XM series, Marshall speakers, JBL earbuds, and Beyerdynamic headphones.
The actual impact extends far beyond confirmed cases, as thousands of audio devices worldwide incorporate Airoha chipsets.
Airoha released SDK patches in June 2025, but vendor adoption remains inconsistent. Only Jabra and Marshall have publicly acknowledged firmware fixes.
Sony initially failed to respond; Beyerdynamic proactively addressed the issue.
Researchers recommend that users update firmware immediately, remove unused paired devices from their phones, and consider using wired headphones for sensitive communications.
The research team released the RACE Toolkit, enabling users to verify device vulnerability status.
This disclosure follows responsible disclosure practices initiated in March 2025, with researchers publishing full technical details after six months to allow vendors to remediate while enabling users to assess their risk.
The post New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones appeared first on Cyber Security News.