Bluetooth headsets, be careful of these models: so they spy on your conversations

Also the Bluetooth earphones They can become an instrument of intrusion by cybercriminals: according to what has recently been discovered by a team of German researchers, in fact, it is possible to take advantage of …

Jack Williams

Written by: Jack Williams

Published on:

Bluetooth headsets, be careful of these models: so they spy on your conversations

Also the Bluetooth earphones They can become an instrument of intrusion by cybercriminals: according to what has recently been discovered by a team of German researchers, in fact, it is possible to take advantage of a flaw in the chips made by Airoha to take control of the headphones and transform them into a spy microphones, as well as to use them as if through to hack the mobile phone. Although the company’s name does not sound familiar to the least expert, it is good to know that the brands that use the Airoha Bluetooth chips are among the best known on the market, such as, just to name a few, Sony, Bose, Marshall or JBL.

Users at risk are therefore very numerous, according to what reported by the authors of the study, that is to say the experts of Ernw, a company specialized in cybersiculia based in Heidelberg. The researchers managed to identify three different security “holes”, that is to say:

  • CVE-2025-20700: the gap is represented by the lack of authentication for Gatt services, which means that through this flaw anyone can access;
  • Cve-2025-20701: the authentication for Bluetooth br/Edr is missing, and also in this case the breach can be used to introduce itself into the system;
  • Cve-2025-20702: It is the flaw deemed most dangerous by Ernw’s experts, and through it it is possible to access critical functions.

By adding up these gaps, the fact that cybercriminals have many arrows in their arch is evident in order to be able to introduce themselves into the systems hooked to the bluetooth earphones.

Based on the information acquired, the experts created a exploit To try the risks that can be run in the event that you end up in the sights of the hackers: due to these vulnerabilities, cybercriminals could examine what is listening to (for example Spotify, AudioLibri or Podcast), divert the calls, take possession of contacts in the address book and in the chronology and even spying in real time, using headphones as microphones. Not only that, given that the greatest risk, checked by researchers during their tests, is to remain victims of a “Wormable” exploit, that is, a malware capable of propagating silently from one device to another.

These vulnerability They cannot fail to worry, however, to exploit them correctly, first of all we have to have very high technical skills and then be particularly close to your goal, since the action of action of the Bluetooth systems is quite reduced. An effort of the genre is more difficult for it to be made for a banal target, as if to be clear a simple citizen, so that they are more at risk are mainly public figures or who still hold assignments of a certain prestige. However, we must not lower your guard.

For its part, Airoha He immediately activated himself to remedy the flaws identified by Ernw, correcting them in the latest version of his firmware. The problem, as pointed out by the company itself, is that the brands involved have not been equally reactive, and most of these brands have not yet made available to its customers an updated patch capable of protecting them: this means that thousands of people continue to use potentially very dangerous bluetooth earphones. Below is a list of some of the specimens that could present the above mentioned critical issues:

  • BeyerDynamic Amaron 300;
  • Bose quietcomfort Earbuds;
  • Earismax Bluetooth Auracast Sender;
  • Jabra Elite 8 Active;
  • JBL Endurance Race 2;
  • JBL Live Buds 3;
  • Jlab Epic Air Sport Anc;
  • Marshall Acton III;
  • Marshall Major V;
  • Marshall Minor IV;
  • Marshall Motif II;
  • Marshall Stanmore III;
  • Marshall Woburn III;
  • Moerlabs Echobeatz;
  • Sony CH-720n;
  • Sony Link Buds S;
  • Sony ult Wear;
  • Sony WF-1000XM3;
  • Sony WF-1000XM4;
  • Sony WF-1000XM5;
  • Sony WF-C500;
  • Sony WF-C510-GFP;
  • Sony WH-1000XM4;
  • Sony WH-1000XM5;
  • Sony WH-1000XM6;
  • Sony Wh-Ch520;
  • Sony WH-XB910N;
  • Sony Wi-C100;
  • Teufel Tatws2.

In the event that one of these models are owned, it is still possible to take some precautions to avoid risks of intrusion.

A good advice is to deactivate bluetooth when you don’t have to use, and if you really want to shield our device completely waiting for the new firmware updated with the right security patch you can use simple earphones with a wire.

Jack Williams

Jack Williams

Jack Williams established himself as the editor-in-chief of The Vermilion with rigorous journalistic traits and an incessant quest for truth. His career began as an investigative reporter, where he quickly gained a reputation for his in-depth research and insightful articles. Williams takes his role at The Vermilion very seriously. Since he became editor-in-chief, he has set an editorial line based on impartiality, factual accuracy, and context relevance; this has established The Vermilion as a reference for political, economic, and global news. Under his leadership, the media continues its mission of reporting news with accuracy and equanimity, giving a voice to those who are often overlooked by large-scale media. Jack dedicates himself to fulfilling this mandate with passion, rigour, and unwavering determination.

Previous

The dirtiest places we never think about

Next

Zero stamina guilty of realism: when the human design looks like a crime