Major security flaw hits Sony, JBL, Bose BT headphones
A newly discovered Bluetooth flaw in Airoha chips could let hackers take over more than 100 headphone and earbud models from brands like Sony, Bose, JBL, and Marshall.
The issue was flagged by German cybersecurity firm Enno Rey Netzwerke GmbH (ERNW) and means someone within 10 meters could control your headphones—no pairing needed.
What the vulnerability allows
Attackers can mess with device memory, listen in on calls or music, grab contacts, make random calls from your device, or even turn your headphones into secret microphones.
ERNW showed these hacks are possible using the vulnerability in Airoha's Bluetooth system.
Airoha's chip used in many popular models
Popular models like Sony WH-1000XM6, Bose QuietComfort Earbuds, JBL Live Buds 3, and several others are on the list.
While Airoha has released a fix for manufacturers (as of June 4), updates for users aren't out yet.
Until then: keep an eye out for firmware updates from your brand and switch off Bluetooth when you're in public places.
Stay cautious until patches arrive
This hack isn't super easy—it needs technical skills and being physically close to your device—but if you use high-end headphones or earbuds a lot outside home or work with sensitive info, it's smart to stay cautious until patches arrive.