03/2025
We discovered a new vulnerability (CWE-287 related) in the Bluetooth authentication process of the WH-1000XM5 in August 2024. We reported the new vulnerability to Sony via HackerOne.
Sony acknowledged the vulnerability in November 2024.
Sony released firmware with the applied patch as v2.4.1 in February 2025.
In March 2025, acknowledgments were published in both English and Japanese.
This vulnerability was discovered using Breaktooth, an attack tool that we developed.
We made a conference presentation that included an explanation of this vulnerability at ICSS2025@Okinawa.
Our contributions have been selected as Sony's Hacker of the Month for March 2025 on HackerOne.
I would like to express my gratitude to Associate Professor Hiroki Kuzuno, Professor Yoshiaki Shiraishi, and Professor Masakatu Morii (ES3 Lab, Kobe University) for their cooperation in investigating the vulnerability.