Zerosquare, 28/06/2025 at 10:20
Security Advisory: Airoha-based Bluetooth Headphones and Earbuds
Insinuator.net
Important note: Some media coverage on this topic falsely or inaccurately depicts the attack conditions. To be clear: Any vulnerable device can be compromised if the attacker is in Bluetooth range. That is the only precondition.
During our research on Bluetooth headphones and earbuds, we identified several vulnerabilities in devices that incorporate Airoha Systems on a Chip (SoCs). In t ...
During our research, we purchased a number of devices and analyzed devices from friends and colleagues. We can confirm that the issues are prevalent in many entry-level and flagship models. Vendors we confirmed ourselves are Beyerdynamic, Marshall, and Sony. Furthermore, we know of many more devices using the chips that we assume to be vulnerable, too.
(...)
In most cases, these vulnerabilities allow attackers to fully take over the headphones via Bluetooth. No authentication or pairing is required. The vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE). Being in Bluetooth range is the only precondition. It is possible to read and write the device’s RAM and flash. These capabilities also allow attackers to hijack established trust relationships with other devices, such as the phone paired to the headphones. These capabilities allow for multiple attack scenarios.