Multiple security flaws in Bluetooth chips made by Airoha could allow attackers to hijack wireless headphones and earbuds from major brands, including Sony, Beyerdynamic, and Marshall. That’s the warning from German IT security firm ERNW, which published its findings this week.
Airoha supplies Bluetooth system-on-chip (SoC) components and reference designs used widely across the audio device industry. But ERNW says both the chips and the accompanying software development kit (SDK) expose a custom protocol with few safeguards.
The flaws lie in how Airoha devices handle Bluetooth connections. ERNW found that the vulnerable protocol is exposed via both Bluetooth Low Energy (BLE) and Bluetooth Classic (BR/EDR). Worse, neither channel requires authentication.
This means attackers don’t need to pair with a device. If they’re within Bluetooth range, they can access its RAM and flash memory directly. They can read, write, and alter the device’s internal state.
Full Takeover Via Bluetooth
In the majority of cases, these vulnerabilities allow bad actors to fully take over the headphones via Bluetooth. “No authentication or pairing is required. The vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE). Being in Bluetooth range is the only precondition,” the researchers added.
“These capabilities allow for multiple attack scenarios,” ERNW said. Attackers could access sensitive data, including media being played, phone numbers, and possibly even live audio.
There’s also potential for code execution. An attacker could modify the firmware and plant malicious code, enabling a wormable exploit that spreads to other devices.
No pairing. No alerts. Just proximity and skill.
“Yes, the idea that someone could hijack your headphones, impersonate them towards your phone, and potentially make calls or spy on you, sounds pretty alarming.”
High-Value Targets at Risk
ERNW notes that such attacks would be complex and are unlikely to be used for petty crime. But high-value targets (diplomats, journalists, political dissidents, and corporate insiders) are at risk.
Another issue the researchers identified is that certain vendors do not even know that they are using an Airoha SoC. “They have outsourced parts of the development of their device, such as the Bluetooth module. If you are a manufacturer of such a device and are unsure whether your devices might be affected, feel free to contact us.”
Airoha has patched the vulnerabilities in its latest SDK, but as of now, ERNW is not aware of any vendors having rolled out firmware updates to affected devices.
Until that changes, the risk remains.
Move Beyond Reactive Patching
Dray Agha, senior manager of security operations at Huntress, said: “This discovery highlights a growing concern in the IoT and consumer electronics space: vendors often prioritise convenience over security in Bluetooth implementations.”
Agha says Bluetooth vulnerabilities like these aren’t new, but their persistence in widely used chips underscores a systemic issue: many manufacturers do not implement basic security controls, such as mandatory authentication or encryption.
“The fact that attackers can hijack devices without pairing is particularly alarming. The industry needs to move beyond reactive patching and adopt secure-by-design principles for wireless protocols.”
“It is important to note that as this appears to be an issue in the underlying Bluetooth implementation that these chips may also be in use in a greater number and variety of devices than just those initially identified and the extent of the issue may take some time to be known,” added Ben Hutchison, associate principal consultant at Black Duck.
There’s Not Much Users Can Do
“While the current likelihood appears low in most contexts of a user being the target of such an attack, there is unfortunately very little a user themselves can do at this time to mitigate it other than disabling Bluetooth functionality, removing at-risk device pairing associations, and not using potentially vulnerable Bluetooth peripherals,” Hutchison explained.
“The issue also highlights the challenge of securing products arising from supply chain complexities, and the need for organisations to robustly identify and manage at all layers the hardware and software assets used in today’s products,” added Hutchison.
“Organizations developing connected/digital devices should ensure they are taking steps to understand and secure both the software and hardware supply chain and maintaining comprehensive Bills of Material to enable them to better respond to security issues across the board.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.


