https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
> [...] these vulnerabilities allow attackers to fully take over the headphones via Bluetooth. No authentication or pairing is required. The vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE). Being in Bluetooth range is the only precondition. It is possible to read and write the device’s RAM and flash. [...] hijack established trust relationships with other devices, such as the phone paired to the headphones.