Bluetooth Security Flaws Expose Microphones to Hackers
▼ Summary
– Vulnerabilities in a widely used Bluetooth chipset (Airoha SoCs) affect 29 audio devices from 10 brands, enabling eavesdropping or data theft.
– Affected products include earbuds, headphones, speakers, and microphones from brands like Bose, Sony, and Jabra.
– Three vulnerabilities (CVE-2025-20700 to CVE-2025-20702) allow attacks like hijacking connections, extracting call history, or initiating calls via Bluetooth.
– Exploiting these flaws requires close proximity and high technical skill, limiting attacks to high-value targets like diplomats or journalists.
– Airoha released an updated SDK with fixes, but many affected devices still lack patches as their firmware predates the update.
Bluetooth security vulnerabilities have been discovered in multiple audio devices, potentially allowing hackers to hijack microphones and access sensitive data. Researchers identified flaws affecting products from major brands including Bose, Sony, Jabra, and JBL, spanning wireless earbuds, headphones, and microphones. These weaknesses could enable unauthorized access within Bluetooth range under specific conditions.
The vulnerabilities stem from Airoha system-on-chip (SoC) components, commonly used in True Wireless Stereo (TWS) devices. Cybersecurity experts at ERNW revealed three distinct security gaps during the TROOPERS conference in Germany. While exploiting these flaws requires technical expertise and close proximity, successful attacks could allow intruders to Intercept audio streams from connected devices.
The most severe vulnerability (CVE-2025-20702) carries a 7.5 CVSS score, classified as high risk. Attackers exploiting this flaw could potentially deploy self-propagating malware across vulnerable devices. However, real-world exploitation remains challenging due to the need for specialized knowledge and physical proximity to targets.Manufacturers have begun rolling out patches, though firmware updates for many affected devices predate Airoha’s security SDK release. Users of vulnerable products should check for latest firmware updates and limit Bluetooth usage in high-risk environments.
While everyday consumers face minimal immediate threat, individuals in sensitive professions, such as journalists or corporate executives, should exercise additional caution.Security analysts emphasize that while these vulnerabilities present concerning possibilities, widespread attacks remain unlikely due to technical barriers. Nevertheless, the discovery highlights ongoing Bluetooth security challenges in an increasingly wireless world.
(Source: BLEEPING COMPUTER)
