- Security researchers found three medium-severity flaws in Bluetooth SoCs
- When chained, they can be used to eavesdrop on conversations, and more
- Patches are being developed, so be on your guard
Security researchers have uncovered three vulnerabilities in a Bluetooth chipset present in dozens of devices from multiple manufacturers.
The vulnerabilities, they say, can be exploited to eavesdrop on people’s conversations, steal call history and contacts information, and possibly even deploy malware on vulnerable devices.
However, exploiting the flaws for these purposes is quite difficult, so practical implementation of the bugs remains rather debatable.
Get 55% off Incogni’s Data Removal service with code TECHRADAR
Wipe your personal data off the internet with the Incogni data removal service. Stop identity thieves
and protect your privacy from unwanted spam and scam calls.View Deal
Difficult to pull off
Security researchers ERNW recently found three flaws in the Airoha system on a chip (SoC), apparently “widely used” in True Wireless Stereo (TWS) earbuds.
The SoC is allegedly present in 29 devices from different manufacturers, including a couple of high-profile names: Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel. Speakers, earbuds, headphones, and wireless microphones all seem to be affected.
The bugs are now tracked under these CVEs:
CVE-2025-20700 (6.7/10) – missing authentication for GATT services
CVE-2025-20701 (6.7/10) – missing authentication for Bluetooth BR/EDR
CVE-2025-20702 (7.5/10) – critical capabilities of a custom protocol
The researchers said that a threat actor with a rather high technical skill set could, if they are within Bluetooth range, pull off an attack and hijack the connection between the phone and the Bluetooth device.
They could then issue different commands to the phone, including initiating or receiving calls, or retrieving the phone’s call history and contacts.
They could also “successfully eavesdrop on conversations or sounds within earshot of the phone,” they said. Ultimately, they said it was possible to rewrite the device’s firmware and thus deploy different malware variants.
But the attacks are difficult to pull off, which could mean that only advanced adversaries, such as state-sponsored threat actors, might try to abuse the flaws. In any case, Airoha released an updated SDK with a set of mitigations, which the manufacturers now started turning into patches.
Via BleepingComputer
You might also like
- Top Bluetooth chip security flaw could put a billion devices at risk worldwide
- Take a look at our guide to the best authenticator app
- We’ve rounded up the best password managers
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.