Major security flaw exposes Sony, JBL and Bose headphones to hijacking threat — how to stay safe
Bluetooth headphones and earbuds can be used to spy on you
Researchers have discovered a security flaw in Bluetooth headphones and earbuds from Sony, JBL and more, allowing attackers to hijack audio devices, eavesdrop and steal phone numbers and contact information.
Cybersecurity firm ERNW identified vulnerabilities in audio products using a Bluetooth System on a Chip (SoC) from manufacturer and supplier Airoha, allowing threat actors to manipulate devices without needing to pair with them.
This SoC is used by many popular brands, with affected devices confirmed to include the Sony WH-1000XM6, Link Buds S, Jabra Elite 8 Active, Bose QuietComfort Earbuds and more.
As noted in the report, the vulnerabilities allow cybercriminals to hijack headphones over Bluetooth: the BLE GATT services and BR/EDR (a.k.a. Bluetooth Classic) are missing authentication, leaving these devices open to takeover without any need for pairing.
"The vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE). Being in Bluetooth range is the only precondition," ERNW reports. "It is possible to read and write the device’s RAM and flash. These capabilities also allow attackers to hijack established trust relationships with other devices, such as the phone paired to the headphones."
The security flaws can let threat actors learn what is currently playing on a device via RAM reading commands, eavesdrop on conversations when the Bluetooth Classic vulnerability is exploited, and see a connected device's phone number and incoming calls.
It's important to note that these vulnerabilities can only be exploited if an attacker is within Bluetooth range of a device (around 10 meters), and that hijacking a device without being noticed requires several steps, with ERNW noting that it would take a "high technical skill set."
So, while it's possible for cybercriminals to take advantage of these flaws in headphones or earbuds using Airoha Bluetooth SoCs (especially if they're wireless), they would need to be in close range.
What devices are affected?
While many audio products, including headphones, earbuds, speakers and wireless microphones, are known to use Airoha's Bluetooth chip, the cybersecurity firm has confirmed a list of devices that are affected.
Here's a look at the devices that are exposed to the vulnerability:
- Beyerdynamic Amiron 300
- Bose QuietComfort Earbuds
- EarisMax Bluetooth Auracast Sender
- Jabra Elite 8 Active
- JBL Endurance Race 2
- JBL Live Buds 3
- Jlab Epic Air Sport ANC
- Marshall Action III
- Marshall Major V
- Marshall Minor IV
- Marshall Motif II
- Marshall Stanmore III
- Marshall Woburn III
- MoerLabs EchoBeatz
- Sony CH-720N
- Sony Link Buds S
- Sony ULT Wear
- Sony WF-1000XM3
- Sony WF-1000XM4
- Sony WF-1000XM5
- Sony WF-C500
- Sony WF-C510-GFP
- Sony WH-1000XM4
- Sony WH-1000XM5
- Sony WH-1000XM6
- Sony WH-CH520
- Sony WH-XB910N
- Sony WI-C100
- Teufel Tatws2
However, many more audio devices with the SoC are expected to be exposed to the security flaw, and it's virtually impossible to test them all given the number out there. ERNW states that "some vendors are not even aware that they are using an Airoha SoC," due to parts like the Bluetooth chip being outsourced for development.
Since these headphones, earbuds and more are from popular brands, including the latest Sony WH-1000XM6, it's likely that many people are at risk from the vulnerability.
How to stay safe
While many of the best headphones and best wireless earbuds are affected, an attack that exploits these security flaws would only take place if a cybercriminal is in range. So, as with any Bluetooth attack, it's a good idea to be cautious when in public spaces, such as public transport, cafés and more.
The only real way to stay safe from these types of attacks is to disable Bluetooth, which isn't ideal for wireless headphones and earbuds. Of course, it's also best to use wired options that don't require Bluetooth, such as the Sennheiser IE 200 wired earbuds.
As this leaves many audio products open to attack, Airoha has now fixed the vulnerabilities in a Software Development Kit (SDK). A new version with the fixes has been sent to manufacturers as of the first week of June, meaning brands such as Sony, JBL, Marshall and others should have a firmware update available with the fixes so users can update their devices with the latest patch.
Currently, ERNW isn't aware of any fixed firmware releases, but as soon as one is available, users with affected devices should update their headphones, earbuds and more to make sure they aren't at risk.
To keep yourself safe from any online threats that these security vulnerabilities may exploit, it's best to use the best antivirus software and best password managers, too.

Darragh is Tom’s Guide’s Computing Editor and is fascinated by all things bizarre in tech. His work can be seen in Laptop Mag, Mashable, Android Police, Shortlist Dubai, Proton, theBit.nz, ReviewsFire and more. When he's not checking out the latest devices and all things computing, he can be found going for dreaded long runs, watching terrible shark movies and trying to find time to game.
