Serious Bluetooth security flaw discovered that allows attackers to eavesdrop on users

These vulnerabilities allow attackers to exploit Bluetooth connections to secretly access and control headphones without the user's permission. Specifically, hackers can turn headphones into eavesdropping devices, taking advantage of the built-in microphone to record the surrounding environment without the victim knowing.

They can also send commands to a paired device, such as a phone or tablet, to make secret calls, retrieve contacts, messages, or other personal data.

All of this can happen silently, without leaving any obvious signs to the user, making detection nearly impossible without specialized analysis tools.

Bluetooth headsets can become spy devices

Security researchers at ERNW (Germany) have discovered serious weaknesses in the authentication mechanism of both Bluetooth Classic and BLE (Bluetooth Low Energy) protocols integrated by Airoha in many System-on-Chip (SoC) chip lines.

These SoCs are commonly used in many headphone and earphone models from brands like Sony, Bose, JBL, Jabra, Marshall, Beyerdynamic and many others.

While Airoha may not be a household name to end users, its hardware is widely present in countless consumer audio devices, making the impact of the vulnerability much more serious.

Security vulnerabilities identified with CVE codes include:

CVE-2025-20700:Missing authentication in GATT (Generic Attribute Profile) service, affecting BLE connection.

CVE-2025-20701:Lack of authentication in Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate) protocol, allowing attackers to interfere with traditional connections.

CVE-2025-20702:Exploiting the unchecked capabilities of a custom protocol, with a CVSS severity score of 9.6, classified as near critical.

Headphones turned into "recording microphones" unexpectedly

Combining these vulnerabilities allows hackers to turn a seemingly harmless Bluetooth headset into a spy device. In one test scenario, the researchers redirected audio signals from the headset to record ambient sounds, essentially turning the device’s microphone into an eavesdropping tool.

Another attack allows sending commands to the paired device (e.g. phone), causing it to make calls without the user's knowledge or extracting information such as contacts, call logs, messages...

Warning to manufacturers and users

With near-maximum severity scores and the ability to attack without requiring victim interaction, these vulnerabilities pose an urgent need for device manufacturers to update firmware and patch as soon as possible.

For users, the most important advice right now is to keep a close eye on any firmware updates for your headphones or earbuds. Airoha has already completed a fix, but ERNW reports that it “has not yet seen any patches released to the public.” Many companies may bundle the fix into their regular updates, but the timing of its release has not been finalized.

While waiting for the patch to be confirmed, users should:

- Check the firmware using the manufacturer's official application at least once a week.

- Disconnect and avoid using affected models in environments containing sensitive information.

- Monitor security recommendations on the brand's website, email, or social media.

- Avoid leaving the headset in always-ready mode when not needed to reduce the risk of being scanned.

While exploiting these vulnerabilities requires specialized skills and proximity to the target, the new findings show that audio devices have become data “gateways.” As headphones double as phone calls, voice assistant controls, and music playback, a serious flaw could turn a familiar gadget into a significant privacy threat.

In the era of wireless connectivity, even seemingly simple devices like headphones can become targets for hackers. This is also a reminder for users that security is not only in phones or computers, but in every smallest connection point around us.