Bluetooth Headphone Jacking: A Key to Your Phone

media.ccc.de
  • vendor of bluetooth chip used in sony, bose, and everyone else's headphones leaves debugging protocol completely open with no authentication over bluetooth low energy

uh oh:

  • remotely connect to headphones over this protocol without needing a pairing interaction
  • dump "now playing" data
  • connect audio stream and eavesdrop
  • dump your phone number
  • brick the headphones
  • dump the pairing key used to make your phone recognize your headphones as your headphones, and then impersonate your headphones

and that's when the REAL fun starts:

  • talk to your voice assistant remotely
  • make and manage calls while your phone is in your pocket
  • eavesdrop from your phone microphone (by making you call them and then dropping the bluetooth connection so your phone switches to builtin mic)
  • steal your whatsapp from 10ft away (since they have your phone #, the ability to accept the "we'll call and verify it's you" phone call before your phone starts vibrating, and the ability to listen and hear the code)
  • steal your amazon (since you can log in through a phone number and a whatsapp confirmation code)

@quat

Oh ugh. The vendor's own bulletin says that "OEMs have been notified"...

https://www.airoha.com/product-security-bulletin/2025

...but I do not see any software updates for my Bose headphones.

https://support.bose.ca/s/article/quietcomfort-ultra-headphones-software-and-firmware-versions

I did find an update for my Sony headphones dated December 18th 2025 claiming security fixes but nothing like CVE numbers in any vendor update.

https://www.sony.ca/en/electronics/support/software/00278246

(Yes, I wear shirts until they wear out and socks with holes, but I draw the line at a world with so many different noises in it.)

Edit: Apparently I'm a Sony wearer, pro tem at least.

@zygmyd @quat
Yeah, Sony is pretty non-transparent about it.
For my WH-1000XM4s they seem to have rolled out an unspecified "Security fix" but nothing for the WF-1000XM5s so far.