PROTECT YOUR DNA WITH QUANTUM TECHNOLOGY
Orgo-Life the new way to the future Advertising by AdpathwayOpen-access content Jack Loughran —
Tue 1 Jul 2025
Three vulnerabilities have been identified in Bluetooth headphones made by the likes of Sony, Jabra and Marshall that could allow attackers to eavesdrop on conversations or retrieve call history and stored contacts.
The headphones all use chipsets manufactured by Airoha – a firm that has become a large supplier in the Bluetooth audio space, especially for True Wireless Stereo earbuds.
Security researchers ERNW found that “powerful custom protocols” could be executed on the devices through attacks that give read and write access to either the RAM or the flash storage. Crucially, they can be executed by attackers who are not paired with the devices – they merely need to be within Bluetooth range.
ENRW said it did not want to “disclose too many details” including the specifics of the vulnerabilities as they may be difficult to patch by vendors.
It added: “One other issue we identified is that some vendors are not even aware that they are using an Airoha system-on-chip. They have outsourced parts of the development of their device, such as the Bluetooth module.”
One attack trialled by the firm allowed them to get a read on the currently playing media from the headphones via the RAM reading commands. The attacks did need to be tailored to each device individually depending on firmware version.
More concerningly, another attack would allow a hacker to establish a Bluetooth connection to vulnerable devices and listen to what their microphone is currently recording. This would result in the connection to existing devices being dropped, which at least alerts the user if they are actively using the device.
ENRW warned that even if patches are developed to improve the security of the devices, not all manufacturers push updates – especially for lower-cost or end-of-life products.
The models identified include Sony’s popular WF-1000XM3 and later revisions of Bose’s QuietComfort Earbuds and the JBL Live Buds 3. A full list of vulnerable devices identified so far can be seen in ENRW’s blog post.
Early versions of Bluetooth were highly vulnerable to attack, even through relatively rudimentary hacking attempts. Later versions – especially from version 2.1, which released in 2009 – made changes to pairing protocols that improved its security.
You may also be interested in...
The financial impact of the recent cyber incident on Marks & Spencer and the Co-op could be as much as £440m, according to estimates by the Cyber Monitoring Centre.
Open-access content
The British royal train will be decommissioned by 2027, Buckingham Palace has announced, as part of a raft of cost-cutting measures.
Open-access content
With the US-UK trade deal taking effect today, British car makers are getting ready to send a series of major shipments across the Atlantic to meet pent-up demand.
Open-access content
Muon Space has released the first images from its upcoming satellite constellation that will be able to scan the Earth’s surface every 20 minutes to find incidences of wildfires.
Open-access content
HS2 has completed excavation on the 8.4-mile-long Northolt Tunnel under London in what will be a major artery for the upcoming rail route.
Open-access content
Greenhouse gas (GHG) emissions from private jets have soared by 25% over the past decade and now account for nearly 4% of all civil aviation emissions, a study has found.
Open-access content
The crash of a commercial spacecraft on the surface of the Moon earlier this month was due to problems with the vehicle’s Laser Range Finder (LRF), Japanese firm ispace has said.
Open-access content
Aviation now contributes a greater share of total UK emissions than the entire electricity supply sector, putting future climate change targets at risk, a report has found.
Open-access content
More from Consumer Technology
Robot vacuum cleaners could be reprogrammed to perform helpful tasks around the house such as playing with a pet, watering the plants and carrying groceries to the kitchen.
Open-access content
A new cable designed to replace HDMI and USB by offering more data bandwidth and power availability has been unveiled by a consortium of Chinese tech firms.
Open-access content
O2’s decision to switch off its legacy 3G network next month will create £13.7m worth of e-waste, researchers have said.
Open-access content
This affordable drone is ideal for those curious to try out the tech – but, barring a few key components, DJI has made it near-impossible to repair at home.
Open-access content
More from Cybersecurity
The two trends that have gained traction in the energy sector in recent years are the topics of personnel safety in protection relay testing and the cybersecurity of critical infrastructure.
Sponsored by OMICRON
Open-access content
A cyber attack on the UK’s legal aid systems in April was able to extract a ‘large amount of information’ relating to applicants including criminal records.
Open-access content
Although quantum technology is still very much in its infancy, its commercial applications are already available.
Open-access content
The UK government has set out proposals for the Cyber Security and Resilience Bill, which is due to be brought before parliament later this year.
Open-access content
More from Gadgets
A new cable designed to replace HDMI and USB by offering more data bandwidth and power availability has been unveiled by a consortium of Chinese tech firms.
Open-access content
This affordable drone is ideal for those curious to try out the tech – but, barring a few key components, DJI has made it near-impossible to repair at home.
Open-access content
This diminutive device tracks vital health signs and physical activity, but does its environmental impact override the technological advance?
Open-access content
As the year draws to a close, we at E+T magazine have been looking back at some of the most important trends in engineering and technology over the past year.
Open-access content
More from Jack Loughran
A nano satellite known as QUICK³ has been blasted into orbit to test components for use in future quantum satellite systems to be used for secure communications.
Open-access content
Diverting food waste away from landfills and towards proper recycling methods could have a drastic impact on reducing global greenhouse gas emissions, a Penn State University study has found.
Open-access content
Scientists have calculated that policies designed to reduce the proliferation of plastic bags across the US have led to decreases of up to 47% on shorelines.
Open-access content
The government will slash green levies to reduce the high cost of energy faced by British business.
Open-access content
More from News
The gov.uk app can now be downloaded in public beta format, with further development to follow later in the year.
Open-access content
The first uncrewed aircraft traffic management system designed specifically to prevent mid-air collisions between drones has received Federal Aviation Administration approval and is now operational.
Open-access content
3D-printed human islets could lead to a more effective and less invasive treatment for type 1 diabetes.
Open-access content
UK defence firm Babcock has announced it has started building key components for the SSN-AUKUS next-generation nuclear-powered attack submarine programme.
Open-access content
English (US) · 
French (CA) ·