Bluetooth Headphones Had a Security Wake‑Up Call in 2025

Most people update their phones. Some update their laptops. Almost nobody updates their headphones.

What You Actually Need to Know

In 2025, Bluetooth headphones became a real problem.

Researchers discovered serious security issues affecting many Bluetooth headphones, earbuds, speakers, and wireless microphones that use Airoha Bluetooth chips. Some devices exposed functions that could be misused if the device were vulnerable and not updated.

Photo by Akhil Yerabati on Unsplash

What could happen?

In simple terms, a nearby attacker could potentially:

• mess with your audio

• listen through your microphone

• hijack calls

• interact with your phone through Bluetooth features

• possible full takeover

• or, in rare cases, modify the device firmware

What this does not mean

• Not every headphone is affected

• No one can hack your headphones from across the internet

• An attacker must be physically close

• Real‑world attacks require technical skill

This is a proximity‑based issue, not a remote one.

---

Which brands were affected?

Researchers confirmed vulnerable devices from major brands, including:

• Bose

• Sony

• Jabra

• JBL

• Marshall

• Beyerdynamic

• JLab

• Teufel

• MoerLabs

• EarisMax

Specific models included Sony WH‑1000XM4/XM5/XM6, WF‑1000XM4/XM5, Bose QuietComfort Earbuds, Jabra Elite 8 Active, JBL Live Buds 3, and more.

A separate issue called WhisperPair affected devices using Google Fast Pair, including products from:

• Sony

• Jabra

• JBL

• Marshall

• Xiaomi

• Nothing

• OnePlus

• Soundcore

• Logitech

• Google

In that case, attackers within Bluetooth range could force‑pair with accessories and, in some cases, access microphones or track location.

---

Have all devices been patched?

No.
Not every brand has confirmed patches for every model.

• Airoha released fixes to manufacturers on June 4, 2025, but each company must release its own firmware update.

• WhisperPair researchers said many patches exist, but not all devices have updates available yet.

A patch in the supply chain does NOT mean your device is protected.
You must update the actual headphones or earbuds.

---

How to update your headphones

Below is the simplified version for everyday users. Each brand has its own app or update method.

• Apple AirPods → updates automatically when charging near an iPhone/iPad/Mac

• Sony → update through the Sony | Sound Connect app

• Bose → update through the Bose app or Bose updater website

• JBL → update through JBL Headphones or JBL Firmware Update

• Jabra → update through Jabra Sound+

• Marshall → update through the Marshall Bluetooth app

• Beyerdynamic → update through the beyerdynamic app or Update Hub

• JLab → update through the JLab app

• Nothing / CMF → update through Nothing X

• OnePlus → update through Bluetooth settings or HeyMelody

• Xiaomi / Redmi → update through Xiaomi Earbuds

• Soundcore / Anker → update through Soundcore

• Google Pixel Buds → update through Pixel Buds settings or the Pixel Buds app

---

What you should do right now

1. Update your headphone firmware

2. Install the official app for your brand

3. Avoid pairing in public places

4. Reject unknown pairing requests

5. Remove old paired devices

6. If you handle sensitive work (journalism, legal, healthcare, government), consider wired headphones for private conversations

---

The bottom line

Your headphones are no longer “just headphones.”
They’re small computers with microphones, chips, and software.

So treat them like any other smart device:

Update them. Check them. Don’t ignore them.

For more cybersecurity tips and updates, follow us.