Zero-day Bluetooth gap turns millions of headphones into listening stations
A serious security vulnerability in many Bluetooth headphones allows attackers to read data from the devices remotely and take over connections. This was discovered by researchers from the German security company ERNW. They presented their discovery at this year’s edition of the TROOPERS security conference. Millions of devices from various manufacturers are suspected to be affected; updates to resolve the problem are not yet available. Nevertheless, the researchers are reassuring: although attacks are possible, the target group for attacks is limited.
The vulnerabilities are located in Bluetooth SoC (System-on-Chip) from the Taiwanese manufacturer Airoha, which is particularly popular for “True Wireless Stereo” (TWS) headphones. Using Airoha chips, small in-ear headphones can reproduce stereo sound from playback devices such as smartphones without latency. Well-known manufacturers such as Sony, JBL, Marshall, and Bose use it in some cases, but also install Bluetooth technology from other suppliers.