Bugs: Earbuds from JBL, Sony, and Others Found to Have Bugs That Can Turn Them into Spy Devices

A recent report published by German security firm ERNW has revealed serious flaws in popular Bluetooth audio chips made by Taiwanese supplier Airoha. The vulnerabilities affect a vast range of products, from flagship noise-canceling headphones like the Sony WH-1000XM series and Bose QuietComfort Earbuds, to devices from Jabra, Beyerdynamic, and JBL.

The core issue lies in an unsecured custom protocol used by Airoha's Bluetooth chips. An attacker within Bluetooth range – roughly 10 meters – can access this protocol without needing to pair with an affected device or have any prior authentication. This gives them the ability to read and write to the device's memory and flash storage, effectively gaining complete control over the device.

In a proof-of-concept, researchers demonstrated several alarming attack scenarios. The most severe involves hijacking the trusted connection between the headphones and a smartphone. By extracting the Bluetooth link keys from the headphones, an attacker can impersonate the headset to the phone, then use the Hands-Free Profile (HFP) to control the phone.

The severity of this vulnerability cannot be overstated. ERNW suspects that all devices using affected Airoha chips are vulnerable, but it only tested and confirmed its suspicions on select devices. The complete list of verified devices includes:

  • Sony WH-1000XM series
  • Bose QuietComfort Earbuds
  • Jabra products (including Elite 85h and Tune 600)
  • Beyerdynamic products (including DT 240 and Amiron)
  • JBL products (including Tune 500BT)

However, the researchers stress that for the average consumer, the risk is currently low. Executing such an attack requires significant technical skill and close physical proximity to the target. They warn, though, that it is a serious threat for high-value targets like journalists, diplomats, or corporate executives.

Airoha provided a patched software development kit (SDK) to manufacturers in the first week of June. However, it is now up to individual brands like Sony and Bose to build and distribute firmware updates for each affected product. It's largely up to individuals to do their own research on devices they own to determine if they are vulnerable.

One device that stands out from the list is the Samsung Galaxy Buds 3 Pro, which is currently priced at $189.99 on Amazon. Fortunately, these earbuds appear to be impervious to the vulnerability reported by ERNW.

In conclusion, the discovery of these serious flaws in popular Bluetooth audio chips is a stark reminder of the importance of device security. As consumers, it's essential to stay informed about potential vulnerabilities and take steps to protect ourselves and our devices. In this case, Airoha has taken the first step by providing a patched SDK, but it's up to individual brands to follow through with firmware updates to ensure their products are secure.