Widespread Bluetooth Security Flaws Put Headphones at Risk
Bluetooth headphones and earbuds may not be as secure as you think. Security researchers from ERNW have identified multiple vulnerabilities in Bluetooth hardware that could potentially expose users to privacy and security threats. The team uncovered three major flaws, one of which was rated high severity, in widely used Bluetooth audio chipsets. Their proof-of-concept exploit demonstrated that an attacker could “read” what media was playing on a device—but the implications go far beyond that.
According to the report, the vulnerabilities could potentially allow a malicious actor to initiate unauthorized calls, access contacts or call logs, or in the worst-case scenario, remotely execute code to compromise a connected smartphone. While the research is still in early stages, the risks underscore how connected audio devices could become an overlooked threat vector.
Affecting at least 29 models of Bluetooth headphones, speakers, and microphones, the impacted devices include major products from Sony, Bose, Jabra, Marshall, JBL, and JLab. Specific devices mentioned include Sony’s WF and WH series, Marshall’s Woburn and Stanmore, and the Bose QuietComfort earbuds.
Despite the seriousness of the vulnerabilities, there’s no immediate cause for panic. Exploiting these flaws requires physical proximity to the victim, and there’s currently no evidence of these exploits being used in real-world attacks. The likelihood of a hacker randomly targeting the average user is low—more probable is a targeted operation against high-profile individuals.
ERNW disclosed the issues to manufacturers back in May, and according to German media, less than half of the affected companies have issued firmware patches to address the vulnerabilities. Consumers are advised to check for updates on their Bluetooth devices and install any new firmware as soon as it’s available.
