Topic: security issues with Bluetooth headphones and earbuds based on Airoha SoC

madires (Topic starter)

Media:
Zero-day: Bluetooth gap turns millions of headphones into listening stations - https://www.heise.de/en/news/Zero-day-Bluetooth-gap-turns-millions-of-headphones-into-listening-stations-10460704.html

Researchers:
Security Advisory: Airoha-based Bluetooth Headphones and Earbuds - https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/

Quote
In short, these devices expose a powerful custom protocol that allows manipulating the device by, for example, reading and writing RAM or reading and writing to the flash. We found this protocol to be exposed via BLE GATT to an unpaired attacker. It is also exposed as RFCOMM channel via Bluetooth BR/EDR (also known as Bluetooth Classic). Missing authentication for Bluetooth Classic allows an attacker to use this protocol without pairing with the device.

They didn't disable the debugging interface? >:D