Bluetooth Flaws Let Hackers Hijack Sony, Bose Devices

A trio of critical Bluetooth flaws let hackers take control of millions of popular headphones and earbuds without pairing or authentication. Security researchers at ERNW identified the vulnerabilities in Airoha Bluetooth chips used in devices from Sony, Bose, Marshall, and others. Hackers only need to be within 10 meters to exploit the flaws.

The vulnerabilities—CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702—affect both Bluetooth Classic and Low Energy protocols. The most severe flaw enables attackers to access RAM and flash memory, extract Bluetooth keys, and impersonate trusted devices. These Bluetooth flaws let hackers eavesdrop through embedded microphones, steal contacts, and possibly spread malware between nearby devices.

Airoha released fixes to manufacturers in June 2025, but no public firmware updates have followed. Many brands remain unaware their outsourced Bluetooth modules use vulnerable components. Users should check for firmware updates and unpair devices if they suspect tampering.

Read the full report at: https://cybersecuritynews.com/bluetooth-vulnerabilities/