Bluetooth earbuds could be a backdoor for hackers to access your phone

Researchers discovered Bluetooth earbuds have hidden vulnerabilities

German security firm ERNW has exposed critical flaws in Bluetooth chips made by Airoha. These vulnerabilities impact millions of headphones and earbuds that top brands like Sony, Bose, and JBL use.

Alarmingly, attackers don’t need your permission to connect; being within Bluetooth range is enough to start hijacking your device.

If you thought wireless audio was just about convenience, this discovery should make you think twice before popping those earbuds in.

These flaws can let hackers eavesdrop and steal data

Once inside, attackers can do far more than just mess with your playlists. They can secretly activate your microphone, listen to private conversations, and even place calls pretending to be you.

More worrying still, they can extract contact lists and sensitive data stored on your connected phone. Your earbuds could transform into a remote-controlled spy tool without you knowing it happened.

Three major CVEs explain the Bluetooth weaknesses

The vulnerabilities have been cataloged as CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702. The last one is rated “Critical,” scoring a 9.6 out of 10 on the CVSS severity scale.

These flaws stem from missing authentication and a custom protocol inside Airoha’s chips. The result? Anyone with the right tools and in range can exploit them to fully compromise your Bluetooth audio gear.

No pairing required means hackers can strike silently

Unlike typical Bluetooth connections, these attacks don’t rely on you accepting a pairing request. Instead, the flaws let hackers connect invisibly, bypassing all the customary handshakes.

It’s like leaving your front door wide open without realizing it. This lack of authentication makes the vulnerabilities particularly insidious because victims do not know anything is wrong until it’s too late.

Popular devices you own are on the target list

You’re at risk if you own Sony’s WH-1000XM series or Bose QuietComfort earbuds. Other vulnerable models include JBL Live Buds 3, Jabra Elite 8 Active, Marshall headphones, and Xiaomi Redmi Buds.

The list is likely much longer, as many manufacturers use Airoha chips without advertising them. This hidden supply chain complexity means countless devices worldwide could be silently exposed.

A proof-of-concept exploit proves the danger is real

At the TROOPERS security conference, researchers demonstrated live attacks. They showed how to hijack Bluetooth headphones, read and write memory, and issue commands remotely.

One test involved tricking a phone into believing it was still connected to legitimate headphones while the attacker controlled the link. This chilling demonstration confirmed that the vulnerabilities aren’t theoretical; they can be exploited in the real world.

Why proximity makes this threat especially tricky

While the attack isn’t possible over the internet, that doesn’t mean you’re safe. Hackers only need to be within Bluetooth range, about 10 meters, to pull it off.

Think of coffee shops, airports, or any crowded public place. It wouldn’t take much for a malicious actor to scan for vulnerable devices and target unsuspecting users right under their noses.

State-sponsored attackers are most likely to exploit these flaws

Although technically skilled hobbyists could attempt an attack, experts believe the most likely abusers are advanced threat actors.

That includes state-sponsored hackers who already target journalists, diplomats, and executives. For high-value individuals, this creates a serious espionage risk.

However, even everyday consumers could suffer collateral damage if attackers cast a wide net in busy urban areas.

Airoha released patches, but consumers can’t update directly

Airoha has updated its SDK to fix the vulnerabilities, but there’s a catch: individual users can’t patch their earbuds themselves. Instead, each device manufacturer must create new firmware and push updates to consumers.

Because many companies don’t disclose which chips they use, it’s uncertain when or if these updates will ever reach your headphones.

Why supply chain complexity slows down security fixes

One reason Bluetooth vulnerabilities often linger is the tangled supply chain. Brands might buy chips secondhand or integrate them via contract manufacturers who don’t track detailed component inventories.

This creates a murky ecosystem where even well-known brands can lose visibility into which devices are affected. It also means customers are often the last to know their gear is compromised.

Bluesnarfing, Bluejacking, and Bluebugging are still alive and well

These Bluetooth flaws echo earlier threats like Bluesnarfing (stealing data), Bluejacking (spamming malicious messages), and Bluebugging (taking remote control).

For a time, those attacks seemed like relics of the 2000s, but the new vulnerabilities prove that Bluetooth security hasn’t kept pace with modern threats. If anything, the risks have grown as Bluetooth becomes more deeply embedded in our lives.

Bluetooth exploits have targeted cars and hospitals

Bluetooth attacks aren’t limited to headphones. Past incidents have involved hackers accessing car entertainment systems and compromising medical devices.

In 2017, researchers showed how attackers could control insulin pumps and pacemakers using Bluetooth flaws. These examples are a stark reminder that wireless convenience can be a significant liability if unprotected.

Even smart lightbulbs and locks can be vulnerable

Security experts warn that Bluetooth flaws can affect almost anything: smart bulbs, garage doors, and home locks included. In a recent demonstration, researchers found over 150 Bluetooth-enabled devices while walking down a suburban street.

Each device represented a potential entry point for attackers, highlighting how pervasive and often invisible these risks have become.

Bluetooth attacks could escalate into full phone takeovers

Once an attacker compromises your Bluetooth earbuds, they can pivot to your phone. Researchers warn that hackers could execute commands, read messages, or even deploy malware by impersonating trusted devices.

It’s a chilling scenario, especially considering most people never suspect their headphones are the weak link in their digital security.

Apple and Android are tightening Bluetooth security

In response to past exploits, Apple recently introduced automatic time limits for accepting links and files over Bluetooth.

Android has improved encryption and authentication defaults in recent updates. While no platform is immune, these improvements are helping reduce the risk of widespread attacks, especially those targeting casual users through social engineering.

The future of Bluetooth needs better security by design

This incident highlights a systemic problem: Bluetooth protocols prioritize convenience over security. As more critical devices rely on Bluetooth, manufacturers must adopt stronger encryption, enforce authentication, and design patchable systems.

Until then, Bluetooth will remain an underestimated risk lurking in our pockets, cars, and homes, ready for the next clever hacker to exploit.

This slideshow was made with AI assistance and human editing.
