Latest news with #ERNW
Mint
3 days ago
- Mint
Sony, JBL, Bose BT headphones hit by major security flaw: 100+ models affected
A serious security flaw has been found in Bluetooth headphones and earbuds using chips from Taiwanese manufacturer Airoha, exposing millions of users to potential privacy threats. The vulnerability affects popular models from Sony, JBL, Bose, Jabra, Marshall, and others, allowing hackers to hijack audio devices without the need for pairing or authentication. No pairing required for attack Discovered by German cybersecurity firm Enno Rey Netzwerke GmbH (ERNW), the flaw lies in Airoha's Bluetooth System-on-a-Chip (SoC), widely used in wireless audio products. According to ERNW, 'The vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE). Being in Bluetooth range is the only precondition.' Attackers just need to be within 10 meters of the device to hack it. Once in range, they can access RAM and flash memory, view currently playing media, extract contact details and even initiate phone calls using the hijacked headphones as a bridge. In some cases, the vulnerability could be used to convert earphones into makeshift microphones, raising concerns over potential surveillance. Over 100 models are likely affected Confirmed affected devices include premium models such as the Sony WH-1000XM6, Bose QuietComfort Earbuds, JBL Live Buds 3, Jabra Elite 8 Active, and several products from Marshall. ERNW estimates that over 100 models may be vulnerable, as many brands unknowingly use Airoha chips through third-party sourcing. At the Troopers conference in Heidelberg, researchers revealed three vulnerabilities, one critical and two high-risk. The flaws could expose phone numbers, reveal call data or allow attackers to manipulate trust relationships between headphones and connected smartphones. ERNW released a list of devices that are confirmed to be vulnerable: Beyerdynamic Amiron 300 Bose QuietComfort Earbuds EarisMax Bluetooth Auracast Sender Jabra Elite 8 Active JBL Endurance Race 2 JBL Live Buds 3 Jlab Epic Air Sport ANC Marshall ACTON III Marshall MAJOR V Marshall MINOR IV Marshall MOTIF II Marshall STANMORE III Marshall WOBURN III MoerLabs EchoBeatz Sony CH-720N Sony Link Buds S Sony ULT Wear Sony WF-1000XM3 Sony WF-1000XM4 Sony WF-1000XM5 Sony WF-C500 Sony WF-C510-GFP Sony WH-1000XM4 Sony WH-1000XM5 Sony WH-1000XM6 Sony WH-CH520 Sony WH-XB910N Sony WI-C100 Teufel Tatws2 Please note that these are the confirmed devices that have been exposed to a hijacking threat. Researchers say there could be more. Fix released, but no firmware updates yet Airoha released a patched Software Development Kit (SDK) to manufacturers on June 4. However, as of now, no firmware updates have reached consumers. ERNW urges users to regularly check brand apps for updates or contact support directly. Although the flaws are technically complex and require close physical proximity, ERNW advises heightened caution for high-risk users such as journalists, diplomats and government personnel. For everyday users, the immediate threat remains comparatively lower. In the meantime, experts recommend turning off Bluetooth in public spaces or switching to wired alternatives for added security.
Forbes
3 days ago
- Forbes
Spy Attack Alert For Headphone Users — Is Yours On The At Risk List?
Bluetooth vulnerability puts headphone users at risk. Hackers are, by their very nature, ingenious and inventive. It comes as part of the job description, and so this latest revelation should come as no surprise. After all, we've already seen hackers using printers, lightbulbs, vacuum cleaners and smartwatches in attack scenarios. Not to mention automatic password hacking machines and, of course, critical vulnerability exposure. And it's the latter, a vulnerability, that brings us nicely to the threat at hand. Researchers have found that more than two dozen earbuds, headphones, speakers and wireless mics from big-name brands are vulnerable to an attack that could see a skilled hacker successfully spying on the user, and even exfiltrating data from some smartphones. Here's what you need to know. Listen Carefully — This Spy Threat Comes Via Your Audio Tech There's something particularly insidious about a security threat that can exploit the technology we use to escape from the hubbub, to unwind, listen to music and podcasts, and spy on us. What's more, according to Dennis Heinze, a security analyst and researcher at ERNW, 'any vulnerable device can be compromised if the attacker is in Bluetooth range. That is the only precondition.' Now that, dear reader, is somewhat concerning. A recently published security alert by security researchers at ERNW has identified several Bluetooth security vulnerabilities affecting audio devices, including those from well-known earphone and headphone brands that utilize Airoha Systems on a Chip. Airoha is 'a large supplier in the Bluetooth audio space, especially in the area of True Wireless Stereo (TWS) earbuds,' Heinze said. While stating that ERNW does not want to disclose proof of concept code or too many technical details at this point, Heinze added that he wanted 'inform about these vulnerabilities, especially their impact and the difficulties around patching them.' What ERNW and Heinze have said, however, is that, in most cases, 'these vulnerabilities allow attackers to fully take over the headphones via Bluetooth.' There is absolutely no authentication or pairing involved, as long as the hacker is within Bluetooth range, your headphones could be vulnerable. The researcher said that attackers could read and write to device RAM and flash memory, and could 'hijack established trust relationships with other devices, such as the phone paired to the headphones.' CVE-2025-20700 (missing authentication for the Generic Attribute Profile service) and CVE-2025-20701 (missing authentication for Bluetooth Basic Rate/Enhanced Data Rate) are both high-risk vulnerabilities with a severity rating of 8.8/10. However, CVE-2025-20702, which Heinze described as presenting 'critical capabilities of a custom protocol,' has been given a critical rating, under the Common Vulnerability Scoring System, of 9.6/10. The Threat From These Audio Spy Attacks Explained Like many such reports, although the headline threat is indeed rather worrying, the real-world impact is likely to be significantly less, in my never humble opinion. 'One attack we implemented was reading out the currently playing media from the headphones via the RAM reading commands,' Heinze said. More worryingly, Heinze reported that exploiting the broken BR/EDR pairing was able to allow an attacker to listen to what the device microphone was recording. Again, in the real-world this wouldn't be very secret squirrel as the exploit would cause whatever the victim was listening to be dropped. 'For it to go unnoticed,' Heinze confirmed, 'headphones have to be turned on, but not in active use.' And then we come to the smartphone issue. This exploits the trust between a Bluetooth device and the phone it has paired with. 'If an attacker can impersonate the headphones they could hijack this trust relationship in numerous ways,' Heinze said, including issuing commands to the smartphone in question. ERNW was able to demonstrate an exploit, using a full attack chain, that allowed for the calling of an arbitrary number from the smartphone. 'Under the right conditions,' Heinze warned, 'the established call allowed us to successfully eavesdrop on conversations or sounds within earshot of the phone.' It also allows for the extraction of call history and stored contacts data, Heinze said. Most people do not need to panic, with journalists, diplomats, political dissidents, people in sensitive industries and VIPs under surveillance being named as the most likely targets of any attacks. The kind of people who should know not to use Bluetooth headphones. Everyone, Heinze said, should patch their firmware as soon as one becomes available. In the meantime, at-risk users might want to wait for a patch until they use their headphones again. 'Please ensure that you also remove the pairing between the headphones and your mobile phone,' Heinze added. 'Ensuring complete trust in software and the technologies it supports is incredibly challenging,' Boris Cipot, a senior security engineer at Black Duck, said. With every new advancement comes the risk of unknown vulnerabilities, of course, flaws that may only be uncovered later by dedicated security researchers, Cipot warned. 'What matters most now is delivering timely updates and patches so users can operate their devices without worrying about being compromised,' Cipot said; 'Vendors using Airoha TWS technology must ensure customers receive these critical updates seamlessly via an automated upgrade process. Relying on users to manually update their devices simply isn't effective.' The Spy Attack Headphones At Risk List Heinze has said that Airoha has fixed the vulnerabilities in the software development kit and supplied a new version to device manufacturers in the first week of June. The manufacturers now have to build and distribute firmware updates, so expect to see these soon if they have not dropped already. I have approached Airoha for a statement 'We can confirm that the issues are prevalent in many entry-level and flagship models,' Heinze said, adding that ERNW confirmed Beyerdynamic, Marshall and Sony as impacted vendors. 'We know of many more devices using the chips that we assume to be vulnerable, too,' Heinze concluded. The following devices were listed as being vulnerable by the ERNW researchers: A Jabra spokesperson provided the following statement: 'At Jabra we are aware of the recently discovered Bluetooth vulnerability for Airoha chipset devices, which include the Jabra Elte 8 and Elite 10 earbuds. We have taken steps immediately to work on a firmware update to include the Airoha security patch and this will be rolled out very shortly. Jabra continues to support the Elite 8 and 10 earbuds despite having stopped the production of the Elite product line last year. We want to emphasize that no other Jabra audio devices or headsets within our portfolio are affected by this vulnerability.' I have contacted all the vendors listed above for a statement regarding the spy exploit research and will update this article when I have further information.
Tom's Guide
3 days ago
- Tom's Guide
Major security flaw exposes Sony, JBL and Bose headphones to hijacking threat — how to stay safe
Researchers have discovered a security flaw in Bluetooth headphones and earbuds from Sony, JBL and more, allowing attackers to hijack audio devices, eavesdrop and steal phone numbers and contact information. Cybersecurity firm ERNW identified vulnerabilities in audio products using a Bluetooth System on a Chip (SoC) from manufacturer and supplier Airoha, allowing threat actors to manipulate devices without needing to pair with them. This SoC is used among many popular brands, with affected devices confirmed to include the Sony WH-1000XM6, Link Buds S, Jabra Elite 8 Active, Bose QuietComfort Earbuds and more. As noted in the report, the vulnerabilities allow cybercriminals to hijack headphones over Bluetooth, with BLE GATT services and BD/EDR (a.k.a. Bluetooth Classic) missing authentication and leaving these devices open to be taken over without any need for pairing or authentication. "The vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE). Being in Bluetooth range is the only precondition," ERNW reports. "It is possible to read and write the device's RAM and flash. These capabilities also allow attackers to hijack established trust relationships with other devices, such as the phone paired to the headphones." The security flaws can lead to threat actors knowing what is currently playing on devices via RAM reading commands, eavesdropping on conversations when the Bluetooth Classic vulnerability is exploited and being able to see a connected device's phone number and incoming calls. It's important to note that these vulnerabilities can only be exploited if an attacker is within Bluetooth range of a device (around 10 meters), and requires several steps to achieve hijacking without being noticed — with ERNW noting that it would take a "high technical skill set." Get instant access to breaking news, the hottest reviews, great deals and helpful tips. So, while it's possible for cybercriminals to take advantage of these flaws in headphones or earbuds using Airoha Bluetooth SoCs (especially if they're wireless), they would need to be in close range. While many audio products, including headphones, earbuds, speakers and wireless microphones, are known to use Airoha's Bluetooth chip, the cybersecurity firm has confirmed a list of devices that are affected. Here's a look at the devices that are exposed to the vulnerability: However, it's expected that many more audio devices with the SoC are also exposed to the security flaw, but it's virtually impossible to test them all with the amount out there. ERNW states that "some vendors are not even aware that they are using an Airoha SoC," due to parts like the Bluetooth chip being outsourced for development. Since these headphones, earbuds and more are from popular brands, including the latest Sony WH-1000XM6, it's likely that many people are at risk of the vulnerability. While many of the best headphones and best wireless earbuds are affected, an attack that exploits these security flaws would only take place if a cybercriminal is in range. So, as with any Bluetooth attack, it's a good idea to be cautious when in public spaces, such as public transport, cafés and more. The only real way to stay safe from these types of attacks is to disable Bluetooth, which isn't ideal for wireless headphones and earbuds. Of course, it's also best to use wired options that don't require Bluetooth, such as the Sennheiser IE 200 wired earbuds. As this leaves many audio products open to attack, Airoha has now fixed the vulnerabilities in a Software Development Kit (SDK). A new version with the fixes has been sent to manufacturers as of the first week of June, meaning brands such as Sony, JBL, Marshall and others should have a firmware update available with the fixes so users can update their devices with the latest patch. Currently, ERNW isn't aware of any fixed firmware releases, but as soon as one is available, users with affected devices should update their headphones, earbuds and more to make sure they aren't at risk. To keep yourself safe from any online threats that these security vulnerabilities may exploit, it's best to use the best antivirus software and best password managers, too.
Yahoo
6 days ago
- Yahoo
Security Flaw in Bluetooth Headphones: Sony, Bose, JBL and Other Brands Affected
German security researchers have discovered significant vulnerabilities in Bluetooth headphones that allow eavesdropping on conversations or initiating calls without prior pairing. Devices from numerous well-known manufacturers are affected, yet many users are likely unaware of these risks. This involves a security vulnerability in chips from a well-known manufacturer, which are used in many Bluetooth headphones from popular brands such as Sony, Bose, JBL, Jabra, and Marshall. The discovered weaknesses allow attackers to take control of headphones remotely without needing a prior connection. Sensitive actions like eavesdropping on conversations or initiating calls are also possible under certain conditions. Researchers from the Heidelberg-based IT security company Enno Rey Netzwerke GmbH (ERNW) have identified several security vulnerabilities in Bluetooth chips from the Taiwanese manufacturer Airoha. The researchers presented their findings at the Troopers security conference in Heidelberg. The vulnerabilities affect several SoCs (systems-on-a-chip) from Airoha, which are used in true wireless headphones, among other devices. Through specially programmed protocols, attackers can access the working and flash memory of the devices. It is sufficient to be within Bluetooth range–about ten meters away. Although Airoha has already provided a software update, users are still waiting in vain for firmware updates from the manufacturers. The attack requires neither prior pairing nor authentication. It allows, among other things, the reading of current media titles, the capture of contact data, or the manipulation of existing trust relationships with paired smartphones. In practice, the researchers demonstrated how a call on the smartphone can be triggered using the read connection data–a potential gateway for eavesdropping attacks via the built-in microphone. Read also: Critical Chip Security Flaws Endanger Numerous Smartphones According to ERNW, the security vulnerabilities have been confirmed in 29 Bluetooth headphones, but far more models are likely affected. The list includes models such as Sony WH-1000XM4 to WH-1000XM6, JBL Live Buds 3, Bose QuietComfort Earbuds, Jabra Elite 8 Active, and various Marshall devices like Major V and Stanmore III. Brands like Teufel, Jlab, Xiaomi, and others are also affected. The researchers estimate that more than 100 different models could be vulnerable–and many manufacturers are not even aware that Airoha chips are used in their products. Airoha provided manufacturers with an updated version of its software on June 4. However, this must be passed on to end users by the device manufacturers in the form of a firmware update. So far, no newer firmware versions have appeared on affected devices that were created after the patch date. Users should therefore regularly check the manufacturers' apps for updates or contact customer support. The experts emphasize that real attacks are complex and technically demanding. They require immediate physical proximity to the target device and specialized knowledge. An attack is also not possible over the internet. Therefore, the warning is primarily directed at particularly vulnerable individuals such as journalists, diplomats, activists, or employees in security-relevant industries. For private everyday use, the risk is currently low. The post Security Flaw in Bluetooth Headphones: Sony, Bose, JBL and Other Brands Affected appeared first on TECHBOOK.
