Sony And Bose Bluetooth Headphone Security Risk: Indian Govt Raises Major Alert For Millions
Use a Bluetooth headphone or earbuds? The Indian government has raised a major security warning related to the drivers that power these devices. Brands like Bose, Jabra, Sony and Marshall are some of the big names that are affected by this major risk that is linked to Airoha SoC that companies use to power their headphones and other audio products.
The alert comes via the Indian Computer Emergency Response Team or CERT-In with a high severity rating which demands immediate attention of millions who use headphones or TWS earbuds from these brands.
Bluetooth Security Risk: What Is The Issue?
The Airoha Bluetooth firmware is the actual victim of the vulnerability but the hardware is powering millions of wireless audio products available in the market. “Multiple vulnerabilities have been reported in Airoha Bluetooth firmware, which could allow an attacker within Bluetooth range to read or write device RAM/flash, invoke Hands-Free Profile (HFP) commands on a paired phone, eavesdrop on microphone audio, steal call history and contacts, and potentially deploy wormable firmware," the CERT-In bulletin notifies.
In simple words, if an attacker is able to bypass the issue, they can access any device connected to the affected headphones, listen to the conversations and even get hold of data like call history and contacts.
Airoha is well aware of the security vulnerability in its hardware and the company has already offered an SDK update with the firmware to secure all the devices. “Airoha supplied an SDK update containing firmware fixes to all device manufacturers on 4 June 2025, and each vendor is expected to release product-specific firmware updates in its next scheduled cycle," the note adds.
The Bluetooth Danger
Security risks are quite common these days with the advent of phones, laptops and other smart devices. Bluetooth headphones have become the latest target and issues like this invariably put millions at risk.
Experts quoted in this report, have pointed out that the security issues can be only exploited if the attacker is in the Bluetooth range with the speaker, TWS earbuds or headphones. And they need high-level expertise to really extract the details through these devices. We are hoping that manufacturers issue their latest patch to fix these issues and risks at the earliest.