30.06.2025
2 min
548
Three critical vulnerabilities have been discovered in Airoha Bluetooth chips used in products from Sony, Bose, JBL, Jabra and 7 other brands, allowing them to read music, steal contacts, view call history and even listen to the smartphone’s microphone.
During the TROOPERS conference in Germany, ERNW experts presented three CVE entries:
While these attacks require physical proximity (Bluetooth range) and technical training, attackers can listen to the user via the Hands-Free Profile (HFP), initiate calls and read Bluetooth keys for complete control.
ERNW created a proof-of-concept and demonstrated how to get the music currently playing in headphones or activate the smartphone microphone – turning ordinary TWS headphones into a surveillance device. Airoha is one of the leaders in the Bluetooth chipset market, especially in budget and mid-range TWS devices. Its solutions are integrated into products from Beyerdynamic, Teufel, Marshall, MoerLabs, EarisMax and others.
Experts note that attacks through these vulnerabilities are real, but complex. They threaten mainly journalists, diplomats, activists and other target groups. At the same time, half of the vulnerable devices have not been updated after May 27, 2025, that is, they still remain unprotected.
Although these bugs are not massive, they show the danger of underestimated Bluetooth security. Headphones are no longer just an audio device, but also a microphone, a command channel and a data leakage point. The Airoha SDK update has already been released, but now it all depends on manufacturers, who must urgently update their firmware.
