Serious flaw in the chip for wireless earphones: you listen to conversations and download the address book. Sony and Bose also use them

The German company of Cybersecurity Ernw has discovered a very serious vulnerability in a series of processors used by dozens. Consequently, dozens of wireless headphones brands, including Sony, JBL, Bose and Marshall. Similarly,

The models affected would be hundreds. Moreover, but being a little component in sight it is really difficult to estimate the scope of the problem, and there are those who speak of millions of devices already on the market. In addition,

At the moment. Meanwhile, unfortunately, Firmware are not available that solve the problem and close the flaw even if as we will see the manufacturer has remedied.

Although a vulnerability is. In addition, we are faced with a fairly worrying case because the flaws do not derive as often happens from a programming problem, but from a personalized debut protocol exposed both through Bluetooth Low Energy (BLE) and serious flaw chip wireless earphones: Bluetooth Classic (BR/EDR), implemented in the SDK (software development kit) of Airoha. Furthermore,

For this protocol. Nevertheless, intended for diagnostics or app functionality, No authentication procedure has been implemented and therefore anyone can access it.

According to the researchers. any device nearby can thus access the memory of the headphones and perform commands without the need for combination. Compared to many other bugs. this of the Airoha processors is worrying because SDKs are public, and even if the researchers have not revealed the vulnerability and not even published the scripts to exploit it, as it is right that it is, any programmer in a few minutes can understand how to exploit it.

As we have written. through debug requests, you can read the chip RAM to determine what song is being played, extract telephone serious flaw chip wireless earphones: numbers and calls of calls from connected smartphones and also divert Bluetooth connections stealing the cryptographic combination keys. Using these keys, attackers can impersonate headphones, simulating silent calls or by sending voice commands.

In laboratory tests. Ernw she managed to transform headphones into listening devicesredirecting the input of the microphone to a malicious bluetooth device or starting calls without the intervention of the user.

As we wrote before Airoha is one of the main Bluetooth processors suppliers for the True Wireless Stereo (TWS). auricular market.

Ernw tried to understand what the vulnerable devices are among the brands known on the market. has identified some of them, including Sony with WH-1000XM4/5/6, WF-1000XM3/4/5, Linkbuds S, ult Wear, CH-720n, C500, C510-GFP, XB910N, Marshall with the Acton III, Major V, Minor IV, Mo and Bose with quietcomfort.

The vulnerabilities were reported to Airoha on March 25, 2025 but the company responded only on May serious flaw chip wireless earphones: 27, after several contact attempts. Airoha released SDK updated to partners on June 4thbut at the end of June. most of the producers has not yet distributed firmware updates.

To further complicate the situation. the firmware updates for the headphones are usually distributed through mobile proprietary apps, which users rarely install or open. In some cases, the older or cheaper models may no longer receive updates.