If you use Bluetooth headphones from Sony, Bose, Marshall, Jabra, or JBL, you need to pay attention. A new report says hackers can spy on your headphones without pairing or permission. Yes, just being near you is enough.

This vulnerability affects many top headphones, including some of the best-selling noise-canceling models in the market. The issue is with the Bluetooth chips made by Airoha Systems. These chips are found in popular headphones, earbuds, speakers, and even wireless mics.

Also read: Best Free Antivirus Software

German cybersecurity researchers from ERNW have discovered that hackers can take full control of your headphones if they are within Bluetooth range. They can listen through your headphones’ microphone, extract contacts, make or receive calls, and even change the firmware. And you will not even know unless your Bluetooth connection suddenly drops.

Since hackers can change firmware, they can build malware that spreads from one vulnerable headphone to another. This could happen automatically once one device is infected.

This issue is possible because the Bluetooth chip uses a custom protocol that has no proper security checks. That means hackers can use it to read or write data without pairing. The researchers are calling this flaw CVE-2025-20702, along with two more issues (CVE-2025-20700 and CVE-2025-20701) related to missing authentication.

Affected Devices

The list includes some really popular models:

  • Sony: WH-1000XM4, WH-1000XM5, WH-1000XM6, WH-CH520, WH-XB910N, WI-C100, WF-1000XM3, WF-1000XM4, WF-1000XM5, CH-720N, Link Buds S, ULT Wear, WF-C500, WF-C510-GFP
  • Marshall: ACTON III, MAJOR V, MINOR IV, MOTIF II, STANMORE III, WOBURN III
  • Bose: QuietComfort Earbuds
  • Beyerdynamic: Amiron 300
  • EarisMax: Bluetooth Auracast Sender
  • Jabra: Elite 8 Active
  • JBL: Endurance Race 2, Live Buds 3
  • Jlab: Epic Air Sport ANC
  • MoerLabs: EchoBeatz
  • Teufel: Tatws2

Many users may not even know that their device uses Airoha chips because some brands do not reveal that information.

What Can You Do?

Right now, there is not much that end-users can do. The fix has to come from the device makers. Airoha has already updated their software, but now it is up to brands like Sony and Bose to release firmware updates. Sadly, not all companies are quick to release updates, and some older or budget devices might never get them.