January 1, 2026

Pair and Beware

Article URL →HN comments →

Bluetooth Headphone Jacking: A Key to Your Phone [video]

Your pricey earbuds could unlock your phone—cue chaos and 'bring back the jack'

TLDR: Researchers showed popular Bluetooth earbuds can be hacked to unlock and attack your phone. Comments erupted with “told you so” about Bluetooth, blame for removing headphone jacks, premium-brand outrage, and a Kamala Harris shoutout—making security vs convenience the internet’s latest earbud war.

Two researchers, Dennis Heinze and Frieder Steinmetz, dropped a holiday bombshell at the Chaos Computer Congress: three bugs (CVE-2025-20700–20702) in Airoha chips used in big-name earbuds and headphones like Sony WH‑1000XM5/XM6 and Marshall can let attackers take over the gadget and even poke at your phone. Because phones treat paired headphones like trusted friends, a hijacked pair can act like a key. They’re releasing tools to check your gear, and the demo in the talk shows the scary part: complete device compromise is not just a buzz phrase.

Comments lit up. One camp cries “overhype?” while another yells “finally, proof Bluetooth is a mess,” name‑checking OpenBSD’s long‑standing refusal to support Bluetooth. Premium buyers are salty: “Sony has no excuses.” The “no headphone jack” saga returned like a sequel, with Apple blamed and quips like “the gift that keeps on giving” and “bring back the jack.” Even politics crashed the party: a user cites VP Kamala Harris saying she won’t use wireless because “they’re not safe.” Memes rolled in—“AirPwned,” “pair and beware,” and “your earbuds are your phone’s worst roommate”—as the thread devolved into a battle of convenience vs caution. And yes, everyone’s checking which models they own.

Key Points

  • Three vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) were found in Airoha Bluetooth audio chips.
  • The flaws can enable complete compromise of Bluetooth headphones/earbuds.
  • Compromised peripherals can be used to attack paired devices (e.g., smartphones) via trust relationships.
  • The talk covers vulnerability overviews, demonstrations of impact, and generalization to peripheral risks.
  • Tooling will be released to help users check affected devices; affected vendors include Sony, Marshall, and Beyerdynamic.

Hottest takes

"either they're overhyping it, or it sounds interesting and significant" — swores
"It’s a messy standard ... Sony WH1000’s are premium tier hardware and they have no real excuses.." — dijit
"Meanwhile all the phones dropping jack because Apple started it" — p0w3n3d

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.