Danny Weber
15:55 30-12-2025
Researchers found Airoha-based Bluetooth headphones expose the RACE service, letting attackers read memory, steal pairing keys, and control your phone.
Researchers have uncovered a serious security threat in popular Bluetooth headphones long treated as a harmless accessory. The risk centers on Airoha chipsets used in models from brands such as Sony, JBL, Marshall, and Jabra. Inside these devices, the RACE service protocol—meant for factory diagnostics—was found to be active in retail units and left accessible without protection or authentication.
Because of this flaw, an attacker within Bluetooth range can connect to the headphones without the owner noticing. The research team showed they could read device memory, alter data, see what the user is listening to, and, in some cases, even switch on the microphone. The most troubling scenario involves extracting the Bluetooth pairing key and then masquerading as a trusted device to gain direct access to the smartphone.
At that point, the problem is no longer just a compromised accessory but potential remote control of the phone, including answering calls, triggering the voice assistant, and capturing ambient audio. The vulnerabilities have been assigned CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702. Experts note the issue could affect dozens of models given the broad use of Airoha chips, while the full list of impacted devices has not been disclosed. The very fact that a diagnostic pathway remained open in shipping products hints at how easily invisible defaults can become real-world risks, especially when users have no way to see or disable them.