\nResearchers have found vulnerabilities in 29 Bluetooth devices like speakers, earbuds, headphones, and wireless microphones from reputable companies including Sony, Bose, and JBL. The vulnerabilities could be exploited to spy on users, and even steal information from the device.<\/p>\n
The researchers who discovered the Bluetooth vulnerabilities are from ERNW (Enno Rey Netzwerke GmbH), a well-established independent IT security firm based in Heidelberg, Germany. During their research into headphones and earbuds, the researchers identified several vulnerabilities in devices that incorporate Airoha Systems on a Chip (SoCs). Airoha is a large supplier in the Bluetooth audio space, especially in the area of True Wireless Stereo (TWS) earbuds.<\/p>\n
They found three vulnerabilities that let an attacker interfere with the connection between the mobile phone and an audio Bluetooth device, and then issue commands to the phone. Using these vulnerabilities, the researchers were able to initiate a call and eavesdrop on conversations or sounds within earshot of the phone.<\/p>\n
What an attacker would be able to do with a vulnerable device, largely depends on the abilities that the devices themselves have. All major platforms support at least initiating and receiving calls, but under some circumstances an attacker could also retrieve the call history and contacts. <\/p>\n
The researchers note that although these attack scenarios are serious, they also require a skilled attacker who is within range. The attacker would have to be close to the target, since Bluetooth vulnerabilities are inherently limited to short ranges due to the technology’s design for low-power, personal area networking. The typical effective range for most consumer Bluetooth devices is about 10 meters (33 feet) under ideal conditions, as the signals weaken significantly with distance and physical obstacles.<\/p>\n
To perform inconspicuous eavesdropping, the listening device must be turned on but not in active use. Because these devices can only handle one Bluetooth connection at a time, the legitimate connection would be dropped if an attacker connects, which the user would likely notice.<\/p>\n
## Vulnerable Bluetooth devices<\/p>\n
The following devices were confirmed to be vulnerable:<\/p>\n
* Beyerdynamic Amiron 300
* Bose QuietComfort Earbuds
* EarisMax Bluetooth Auracast Sender
* Jabra Elite 8 Active
* JBL Endurance Race 2
* JBL Live Buds 3
* Jlab Epic Air Sport ANC
* Marshall ACTON III
* Marshall MAJOR V
* Marshall MINOR IV
* Marshall MOTIF II
* Marshall STANMORE III
* Marshall WOBURN III
* MoerLabs EchoBeatz
* Sony CH-720N
* Sony Link Buds S
* Sony ULT Wear
* Sony WF-1000XM3
* Sony WF-1000XM4
* Sony WF-1000XM5
* Sony WF-C500
* Sony WF-C510-GFP
* Sony WH-1000XM4
* Sony WH-1000XM5
* Sony WH-1000XM6
* Sony WH-CH520
* Sony WH-XB910N
* Sony WI-C100
* Teufel Tatws2<\/p>\n
If you own one of these devices, keep an eye out for firmware updates to be issued by the manufacturers. If you find your connection drops while using one of the above Bluetooth devices, restart the the device\u2014it should automatically connect back to your phone\/system.<\/p>\n
* * *<\/p>\n
**We don\u2019t just report on threats\u2014we remove them**<\/p>\n
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.\n<\/p><\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title Bluetooth vulnerability in audio devices can be exploited to spy on users Update ID MALWAREBYTES:282363303682DA8A93E8C9B977CADC4E Type malwarebytes Published 2025-07-01T14:57:20…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,115,13,33,7,11,5],"class_list":["post-7481","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n
Bluetooth vulnerability in audio devices can be exploited to spy on users - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=7481\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Bluetooth vulnerability in audio devices can be exploited to spy on users - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title Bluetooth vulnerability in audio devices can be exploited to spy on users Update ID MALWAREBYTES:282363303682DA8A93E8C9B977CADC4E Type malwarebytes Published 2025-07-01T14:57:20...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=7481\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-01T11:37:23+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7481#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7481\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Bluetooth vulnerability in audio devices can be exploited to spy on users\",\"datePublished\":\"2025-07-01T11:37:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7481\"},\"wordCount\":550,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"malwarebytes\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=7481#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7481\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7481\",\"name\":\"Bluetooth vulnerability in audio devices can be exploited to spy on users - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-07-01T11:37:23+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7481#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=7481\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7481#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Bluetooth vulnerability in audio devices can be exploited to spy on users\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Bluetooth vulnerability in audio devices can be exploited to spy on users - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=7481","og_locale":"en_US","og_type":"article","og_title":"Bluetooth vulnerability in audio devices can be exploited to spy on users - zero redgem","og_description":"Security Update News Update Information Title Bluetooth vulnerability in audio devices can be exploited to spy on users Update ID MALWAREBYTES:282363303682DA8A93E8C9B977CADC4E Type malwarebytes Published 2025-07-01T14:57:20...","og_url":"https:\/\/zero.redgem.net\/?p=7481","og_site_name":"zero redgem","article_published_time":"2025-07-01T11:37:23+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=7481#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=7481"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Bluetooth vulnerability in audio devices can be exploited to spy on users","datePublished":"2025-07-01T11:37:23+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=7481"},"wordCount":550,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","malwarebytes","news","NONE","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=7481#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=7481","url":"https:\/\/zero.redgem.net\/?p=7481","name":"Bluetooth vulnerability in audio devices can be exploited to spy on users - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-07-01T11:37:23+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=7481#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=7481"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=7481#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Bluetooth vulnerability in audio devices can be exploited to spy on users"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/7481","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7481"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/7481\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7481"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7481"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7481"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}