- Security researchers found three medium-severity flaws in Bluetooth SoCs
- When chained, they can be used to spy on conversations and more
- Patches are in development, so stay on guard
Security researchers have discovered three vulnerabilities in a Bluetooth chipset present in dozens of devices from multiple manufacturers.
The vulnerabilities, they say, can be exploited to listen to people’s conversations, steal call history and contact information, and possibly even deploy malware on vulnerable devices.
However, exploiting the flaws for these purposes is quite difficult, so how practical the attacks are remains debatable.
Difficult to achieve
ERNW security researchers recently found three flaws in the Airoha system on a chip (SoC), apparently “widely used” in True Wireless Stereo (TWS) headphones.
The SoC is reportedly present in 29 devices from different manufacturers, including a number of high-profile names: Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, JLab, Earmax, MoerLabs and Teufel. Speakers, headphones and wireless microphones seem to be affected.
The flaws are now tracked under these CVEs:
- CVE-2025-20700 (6.7/10) - Missing authentication for GATT services
- CVE-2025-20701 (6.7/10) - Missing authentication for Bluetooth BR/EDR
- CVE-2025-20702 (7.5/10) - Critical capabilities of a custom protocol
The researchers said that a threat actor with fairly advanced technical skills could, if they are within Bluetooth range, carry out an attack and hijack the connection between the phone and the Bluetooth device.
They could then issue various commands to the phone, including initiating or receiving calls, or retrieve the phone's call history and contacts.
They could also “successfully listen to conversations or sounds to the phone,” they said. Ultimately, they said it was possible to rewrite the device's firmware and thereby deploy different malware variants.
But the attacks are difficult to pull off, which could mean that only advanced adversaries, such as state-sponsored threat actors, would try to abuse the flaws. In any case, Airoha has released an updated SDK with a set of mitigations, which manufacturers have now begun turning into patches.
Via BleepingComputer