Headline
Bluetooth vulnerability in audio devices can be exploited to spy on users
Researchers have found a set of vulnerabilities in Bluetooth connected devices that could allow an attacker to spy on users.
Researchers have found vulnerabilities in 29 Bluetooth devices like speakers, earbuds, headphones, and wireless microphones from reputable companies including Sony, Bose, and JBL. The vulnerabilities could be exploited to spy on users, and even steal information from the device.
The researchers who discovered the Bluetooth vulnerabilities are from ERNW (Enno Rey Netzwerke GmbH), a well-established independent IT security firm based in Heidelberg, Germany. During their research into headphones and earbuds, the researchers identified several vulnerabilities in devices that incorporate Airoha Systems on a Chip (SoCs). Airoha is a large supplier in the Bluetooth audio space, especially in the area of True Wireless Stereo (TWS) earbuds.
They found three vulnerabilities that let an attacker interfere with the connection between the mobile phone and an audio Bluetooth device, and then issue commands to the phone. Using these vulnerabilities, the researchers were able to initiate a call and eavesdrop on conversations or sounds within earshot of the phone.
What an attacker would be able to do with a vulnerable device, largely depends on the abilities that the devices themselves have. All major platforms support at least initiating and receiving calls, but under some circumstances an attacker could also retrieve the call history and contacts.
The researchers note that although these attack scenarios are serious, they also require a skilled attacker who is within range. The attacker would have to be close to the target, since Bluetooth vulnerabilities are inherently limited to short ranges due to the technology’s design for low-power, personal area networking. The typical effective range for most consumer Bluetooth devices is about 10 meters (33 feet) under ideal conditions, as the signals weaken significantly with distance and physical obstacles.
To perform inconspicuous eavesdropping, the listening device must be turned on but not in active use. Because these devices can only handle one Bluetooth connection at a time, the legitimate connection would be dropped if an attacker connects, which the user would likely notice.
Vulnerable Bluetooth devices
The following devices were confirmed to be vulnerable:
- Beyerdynamic Amiron 300
- Bose QuietComfort Earbuds
- EarisMax Bluetooth Auracast Sender
- Jabra Elite 8 Active
- JBL Endurance Race 2
- JBL Live Buds 3
- Jlab Epic Air Sport ANC
- Marshall ACTON III
- Marshall MAJOR V
- Marshall MINOR IV
- Marshall MOTIF II
- Marshall STANMORE III
- Marshall WOBURN III
- MoerLabs EchoBeatz
- Sony CH-720N
- Sony Link Buds S
- Sony ULT Wear
- Sony WF-1000XM3
- Sony WF-1000XM4
- Sony WF-1000XM5
- Sony WF-C500
- Sony WF-C510-GFP
- Sony WH-1000XM4
- Sony WH-1000XM5
- Sony WH-1000XM6
- Sony WH-CH520
- Sony WH-XB910N
- Sony WI-C100
- Teufel Tatws2
If you own one of these devices, keep an eye out for firmware updates to be issued by the manufacturers. If you find your connection drops while using one of the above Bluetooth devices, restart the the device—it should automatically connect back to your phone/system.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.