Bluetooth headphones are trusted, always-on, and everywhere. That makes them interesting attack targets.
We discovered three vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in widely used Airoha Bluetooth audio chips, enabling full compromise of affected headphones and earbuds.
This talk shows how compromised Bluetooth peripherals can be weaponized — not just against the headphones themselves, but as a stepping stone to attack paired smartphones, abusing long-standing trust relationships that most users and operating systems take for granted. The result is a reminder that even seemingly harmless peripherals can become powerful entry points, and that Bluetooth trust boundaries are often far weaker than assumed — with your most trusted peripherals potentially being your weakest link.
This session will be presented by Dennis Heinze and Frieder Steinmetz.
Dennis is a Senior Security Researcher and Penetration Tester at ERNW Enno Rey Netzwerke GmbH. He holds a Master’s degree in IT Security from TU Darmstadt, with a focus on network and system security. Dennis has published multiple research works on Bluetooth security, including analyses of Bluetooth protocol implementations within the Apple ecosystem and research into the security properties of Bluetooth Auracast. At ERNW, his work primarily focuses on penetration testing of mobile and embedded devices, as well as the security of their communication channels and backend systems.
Frieder Steinmetz is a Senior Security Analyst at ERNW Enno Rey Netzwerke GmbH. He holds a Master’s degree in the security of embedded and cyber-physical systems from the Hamburg University of Technology. He has a strong background in cryptography and has published research on the security of encrypted messaging protocols, malicious USB devices, and Bluetooth security. At ERNW, his work focuses on penetration testing of embedded devices, as well as their backend communication and infrastructure. He also regularly delivers training on IoT security, RFID/NFC hacking, web application penetration testing, and secure communications.
Don’t miss this session if you want to understand how everyday Bluetooth devices can turn into real-world attack vectors.