Cybersecurity · Hardware Flaws

Hackers Could Listen Through Your Earbuds, Apple Just Patched One Brand

A Bluetooth flaw in a chip used by dozens of audio brands lets attackers eavesdrop nearby

Apple shipped a fix for Beats Studio Buds this week — but the same chip is inside earbuds from many other companies

📅 Updated June 21, 2026 ⏱ 8 min read
Attacker within ~10m range Sends crafted Bluetooth packet No pairing or password needed Connects silently to the earbuds EAVESDROPS Your earbuds (vulnerable) Airoha chip, used by many brands Microphone exposed before pairing Owner has no visible warning

A new bluetooth earbuds vulnerability made the rounds this week, and the headline is genuinely uncomfortable: a nearby attacker could listen through your earbuds’ microphone without ever touching them. Have you ever left your earbuds out of their case, lying on a desk, still searching for a pairing? That’s when the attack works.

On June 18, Apple released a firmware update for its Beats Studio Buds to patch the issue, which is tracked as CVE-2025-20701. The patch matters, but the bigger story is what it implies. The flaw lives in a Bluetooth chip made by Airoha, a subsidiary of MediaTek, that’s used in wireless earbuds from many other brands too. Apple patched one product. The chip itself ships in countless others.

Here’s what the vulnerability actually does, who’s at real risk, and the practical steps to take if you own wireless earbuds — even ones Apple didn’t make.

An attacker within Bluetooth range
could listen through a device’s microphone before it’s even paired

Apple’s own advisory, June 18, 2026
📊 The Vulnerability, By the Numbers
🔒
CVE-2025-20701
CVSS 8.8 (High severity)
Incorrect authorization flaw
📡
~10 meters
Required attacker proximity
typical Bluetooth range
🎧
Many brands
Airoha chips ship inside earbuds
across major audio brands
⚠️
3 CVEs total
Chained, attackers can hijack calls
read RAM, even dial out
Earbuds Vulnerability · 4 Things to Know
What’s Actually Going On
01

The flaw is in a chip, not just in Apple’s product

The cause

The vulnerability sits in the Airoha Bluetooth audio SDK — software running on chips made by Airoha, a MediaTek subsidiary. These chips are widely used across the true wireless stereo (TWS) earbud market, supplied to many audio brands rather than just one. Apple’s Beats Studio Buds happen to be one product affected; they’re not the only product on the market that uses Airoha silicon.

Researchers Dennis Heinze and Frieder Steinmetz of the German cybersecurity firm ERNW originally disclosed the flaw, along with two related issues, at the TROOPERS security conference in 2025. The CVE was formally assigned, and Apple’s June 18 advisory finally pushed a fix to its Beats line. Beats Firmware Update 1B211 is the patched version.

For owners of earbuds from other brands using the same chip, the situation depends on how quickly each manufacturer ships its own firmware update. The fix is technically straightforward — but only after a vendor publishes and pushes it.

What to check

If you own a recent pair of wireless earbuds, search the manufacturer’s support site for “Airoha” or “CVE-2025-20701” to see whether your product is affected and whether a firmware update has been issued.

02

The attack works without pairing, password, or warning

How it works

The flaw is technically described as a missing authentication weakness in the Bluetooth BR/EDR radio. In practical terms, an attacker within Bluetooth range can connect to a vulnerable pair of earbuds while they’re actively searching for a pairing, without needing the owner’s password, PIN, or any prior link. Once connected, the attacker can access audio-related services — including the microphone.

This works because the chip mishandles authentication during the pairing handshake. ERNW’s published demonstrations showed attackers initiating calls, eavesdropping on nearby conversations, retrieving call history, and even reading the device’s memory after chaining together the related CVEs (CVE-2025-20700 and CVE-2025-20702).

The realistic attacker profile is someone with specialized knowledge, custom tooling, and physical proximity — not a casual hacker on a coffee shop Wi-Fi. But the researchers explicitly noted that the flaws pose a real risk to high-value targets like journalists, executives, government officials, and anyone who routinely discusses sensitive information near a pair of unpatched earbuds.

What to check

The exposure window is when earbuds are out of the case and actively seeking a pairing partner. Keeping them in the charging case when not in use is a simple, effective reduction of the attack surface.

03

Apple’s fix is automatic, but only if you do this

Practical steps

For Beats Studio Buds owners specifically, the fix is Beats Firmware Update 1B211, and it ships automatically over Bluetooth when the earbuds are paired with — and within Bluetooth range of — an updated iPhone, iPad, or Mac. You don’t need to manually trigger anything, but you do need to actually use your earbuds with a paired Apple device for the update to install.

To verify the patch is installed, go to Bluetooth settings on your iPhone or iPad (or System Settings → Bluetooth on a Mac), tap the info button next to your Beats Studio Buds, and check the firmware version. If it doesn’t show 1B211, put the earbuds in their case, place the case on a charger, and keep the paired Apple device nearby. The update typically completes in the background within a few hours.

If you’ve been using your Beats Studio Buds only with non-Apple devices, the firmware push may not have reached them. Pairing them once to an updated iPhone or Mac is the simplest way to get the patch delivered.

What to check

Check the firmware version in Bluetooth settings. Anything below 1B211 means the patch hasn’t installed yet. Charge in case, keep an Apple device nearby, and wait for the auto-update.

04

The bigger issue is supply chain transparency

What it reveals

The deeper story isn’t really about one set of earbuds. It’s about the fact that most consumers have no way to know what chip is inside their wireless audio devices, who supplied it, or how quickly the brand they bought from will respond when a flaw is found in that supplier’s silicon.

Airoha chips are a widely-used standard in budget and mid-tier TWS earbuds. A vulnerability in their SDK potentially affects products from many brands, but tracking down which exact models are vulnerable, and which have shipped patches, requires technical knowledge most buyers don’t have. There’s no centralized registry, no consumer-friendly dashboard, no automatic warning.

This pattern — one vulnerable component, dozens or hundreds of affected products, patches that arrive at different speeds — is becoming the default in consumer electronics security. Bluetooth, smart home devices, and even some smart appliances all share the same structural problem.

What to check

Before buying wireless earbuds in the future, look for brands that publish security advisories and ship firmware updates routinely. It’s not glamorous, but it’s the single most predictive sign of how a vendor will handle the next disclosed flaw.

🕐 How the Vulnerability Surfaced
June 2025

ERNW researchers disclose the flaw

Dennis Heinze and Frieder Steinmetz of ERNW GmbH present three related Bluetooth vulnerabilities in Airoha SoCs at the TROOPERS security conference in Germany.

Dec 2025

Testing toolkit goes public

Researchers publish a testing toolkit and technical documentation, demonstrating how affected devices could be impersonated, used to trigger voice assistants, and abused for eavesdropping.

June 18, 2026

Apple ships Beats Firmware Update 1B211

Apple’s advisory confirms an attacker within Bluetooth range could listen through the microphone of a Beats Studio Buds device actively searching for pairing. Patch rolls out automatically via paired Apple devices.

Now

Other vendors still under review

The same Airoha SDK ships in many other earbud brands. Each manufacturer is on its own timeline to ship a fix; some have, many haven’t issued public updates yet.

Deep Insight
Why Consumer Bluetooth Security Keeps Falling Short
INSIGHT

Wireless earbuds are a textbook example of how the modern consumer electronics supply chain hides risk. A buyer looks at a brand name, a logo, and a price tag. The actual silicon inside — the part most likely to have security flaws — is sourced from a small number of upstream suppliers most consumers have never heard of. When a flaw appears in that supplier’s code, every downstream brand inherits the problem, but each brand patches at its own speed.

This Bluetooth earbuds vulnerability is a relatively benign case. The realistic threat model is high-value targeted attacks rather than mass exploitation, and the patch is genuinely available for at least one major affected product. But the structural pattern — one vulnerable chip, many affected products, fragmented patching — is the same one that’s caused much bigger problems in IoT devices, smart cameras, and connected appliances over the past decade.

The reasonable consumer response isn’t paranoia. It’s a habit shift: keep earbuds in their case when unused, register your devices for firmware updates, and learn which brands actually publish security advisories versus which silently ignore them. The brands that publish are not necessarily the most popular ones — but they’re consistently the ones that ship patches when problems are found.

Key Takeaways

✅ Bluetooth Earbuds Vulnerability, 4 Things to Remember

1
The flaw is in a chip, not in Apple’s product — Airoha’s Bluetooth SDK ships in many brands of wireless earbuds
2
Attacker needs to be nearby — roughly within Bluetooth range, while your earbuds are out of case and seeking pairing
3
Apple’s patch is automatic — Beats Firmware Update 1B211, delivered over Bluetooth via a paired Apple device
4
Other brands are on their own timeline — same chip, no guarantee of equally fast patching, check your manufacturer’s advisory
💬 Frequently Asked Questions
Q. Does this bluetooth earbuds vulnerability affect AirPods?
Apple’s June 18 advisory specifically lists Beats Studio Buds as affected and patched by Beats Firmware Update 1B211. AirPods are not listed as affected products in this advisory because they use Apple’s own custom audio chips rather than the Airoha SoC at the center of this disclosure. That said, security updates for AirPods are handled separately and worth installing whenever your paired Apple device offers them.
Q. How do I check if my Beats Studio Buds are patched?
On a paired iPhone or iPad, open Settings → Bluetooth, tap the info button next to your Beats Studio Buds, and look at the firmware version. If it shows 1B211 or later, the patch is installed. If not, put them in their case, place the case on a charger, and keep your iPhone, iPad, or Mac nearby for a few hours. The firmware updates over Bluetooth in the background.
Q. How serious is this bluetooth earbuds vulnerability for the average person?
For most users, the realistic risk is low. The attack requires specialized tooling, knowledge of the target’s hardware, and physical proximity within roughly 10 meters. ERNW’s researchers explicitly framed the highest risk as targeted attacks against journalists, executives, and government officials — not mass exploitation of ordinary users. Still, installing the patch is the right call once it’s available for your earbuds.
Q. What if my earbuds aren’t Beats — should I worry?
If your wireless earbuds use the same Airoha chip family, they may be vulnerable until the manufacturer ships its own firmware update. Search the brand’s support pages for any reference to CVE-2025-20701, CVE-2025-20700, or CVE-2025-20702. In the meantime, keeping earbuds in their case when unused is a simple, effective way to reduce the exposure window since the attack requires the earbuds to be actively searching for pairing.
✍️
Editor’s Note. This article reflects publicly available advisories and research as of June 21, 2026. Firmware update availability for non-Apple brands varies and may change as more manufacturers respond to the disclosed vulnerabilities. Always verify patch status directly with your device’s manufacturer.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top