IT security firm ERNW has identified critical vulnerabilities in Airoha Bluetooth chips, a key component for major headphone and earbud brands including Sony and Beyerdynamic. These flaws, stemming from an exposed custom protocol and missing authentication, allow attackers within Bluetooth range to remotely take over devices, read/write memory, eavesdrop, extract sensitive data, and potentially rewrite firmware. While Airoha has patched the vulnerabilities in its latest SDK, affected product vendors have not yet released firmware updates, posing significant security risks and potential reputational damage for companies reliant on Airoha's technology.
A significant cybersecurity vulnerability has been identified in Airoha's Bluetooth system-on-a-chip (SoC) products, creating a notable supply chain risk for major electronics vendors, including Sony. According to security firm ERNW, the flaws reside in a custom protocol that is exposed via BLE GATT and Bluetooth Classic and lacks authentication. This allows an attacker within Bluetooth range to gain control over affected devices without pairing, enabling them to read and write RAM and flash storage, eavesdrop on media, and potentially rewrite firmware, which would make a wormable exploit possible. While Airoha has patched the vulnerability in its latest SDK, the primary risk has now shifted downstream to its customers. The report explicitly states that, to date, no vendors have released the necessary firmware updates to end-user products like headphones and earbuds. This inaction exposes companies like Sony to potential reputational damage, loss of consumer trust, and contingent liabilities until a patch is deployed, a risk reflected in the strongly negative sentiment score (-0.6) associated with the company.
Overall sentiment: strongly negative
Sentiment score: -0.60