The vulnerabilities, identified by cybersecurity researchers at ERNW, affect devices using Airoha Systems on a Chip (SoCs) and impact popular brands including Sony, Marshall, Beyerdynamic, and Bose. These flaws expose a powerful custom protocol through BLE GATT (Bluetooth Low Energy Generic Attribute Profile) and through RFCOMM channels over Bluetooth Classic, allowing attackers to read and write device RAM and flash memory without any authentication. The critical flaws affect millions of Bluetooth headphones from Sony, Marshall, and Bose that use Airoha chips, and attackers only need to be within 10 meters.

The vulnerabilities create a “wormable” exploit scenario in which compromised devices could potentially spread malware to other vulnerable devices through their GATT services and characteristics. Both Bluetooth BR/EDR (Bluetooth Classic) and Bluetooth Low Energy (BLE) connections are affected, and the only requirement is that attackers be within Bluetooth range of approximately 10 meters.

Other confirmed vulnerable devices include the Beyerdynamic Amiron 300, Bose QuietComfort Earbuds, Jabra Elite 8 Active, and various JBL models. Many manufacturers remain unaware that their devices use vulnerable Airoha SoCs, as Bluetooth modules are often outsourced during development.

While the technical barriers for exploitation remain high, requiring proximity and advanced technical skills, the vulnerabilities pose significant risks for high-value targets, including journalists, diplomats, and VIPs. Users are advised to monitor their device manufacturers’ websites for firmware updates and to consider removing Bluetooth pairings if they believe their device may be targeted.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 30 Jun 2025 10:30:09 +0000