- Security researchers found three medium-severity flaws in Bluetooth SoCs
- When chained, they can be used to eavesdrop on conversations, and more
- Patches are being developed, so be on your guard
Security researchers have uncovered three vulnerabilities in a Bluetooth chipset present in dozens of devices from multiple manufacturers.
The vulnerabilities, they say, can be exploited to eavesdrop on people’s conversations, steal call history and contacts information, and possibly even deploy malware on vulnerable devices.
However, exploiting the flaws for these purposes is quite difficult, so practical implementation of the bugs remains rather debatable.
Difficult to pull off
Security researchers ERNW recently found three flaws in the Airoha system on a chip (SoC), apparently “widely used” in True Wireless Stereo (TWS) earbuds.
The SoC is allegedly present in 29 devices from different manufacturers, including a couple of high-profile names: Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel. Speakers, earbuds, headphones, and wireless microphones all seem to be affected.
The bugs are now tracked under these CVEs:
CVE-2025-20700 (6.7/10) – missing authentication for GATT services
CVE-2025-20701 (6.7/10) – missing authentication for Bluetooth BR/EDR
CVE-2025-20702 (7.5/10) – critical capabilities of a custom protocol
The researchers said that a threat actor with a rather high technical skill set could, if they are within Bluetooth range, pull off an attack and hijack the connection between the phone and the Bluetooth device.
They could then issue different commands to the phone, including initiating or receiving calls, or retrieving the phone’s call history and contacts.
They could also “successfully eavesdrop on conversations or sounds within earshot of the phone,” they said. Ultimately, they said it was possible to rewrite the device’s firmware and thus deploy different malware variants.
But the attacks are difficult to pull off, which could mean that only advanced adversaries, such as state-sponsored threat actors, might try to abuse the flaws. In any case, Airoha released an updated SDK with a set of mitigations, which the manufacturers now started turning into patches.
Via BleepingComputer
Leave a comment