Common Bluetooth devices may be highly vulnerable to security breaches, according to German cybersecurity company ERNW. At this year’s Troopers IT conference, the security provider reported its findings that three vulnerabilities exist in the Airoha chipset, commonly used in wireless Bluetooth headphones. This security risk affects devices made by several major manufacturers, including Sony, JBL, Marshall, Jabra, and Bose.
According to ERNW, these vulnerabilities mean that attackers within Bluetooth range could potentially eavesdrop, as well as steal sensitive information including call history and contacts from a connected phone. The good news is that, in addition to needing to be within Bluetooth range, any attacker would need to possess a “high technical skill set.”
“Yes — the idea that someone could hijack your headphones, impersonate them towards your phone, and potentially make calls or spy on you, sounds pretty alarming,” says ERNW. “But this kind of attack only makes sense for high-value targets: Journalists, diplomats, political dissidents, and people in sensitive industries.”
Anker issues another safety recall for five power bank models
ERNW notes that there is a blind spot in vulnerability management when it comes to the supply chain, as the same chipset is used in many different products, often under different brand names. Additionally, vendors may not disclose which chipset is used in any given product, and manufacturers may not patch devices that are sold at lower price points.
The cybersecurity company emphasizes that most people will not be at risk with these vulnerabilities, unless they fall into the categories above. Still, precautions can be taken. “If you see yourself under risk, and decide to wait for a patch until you use your headphones again, please ensure that you also remove the pairing between the headphones and your mobile phone.”
