- Security scientists found three deficiencies in the middle side of Bluetooth Socs
- Once tied they can be used to intercept conversations and more
- Patches developed, so be on your guard
Security researchers have revealed three vulnerabilities in a Bluetooth chipset present in dozens of devices from several manufacturers.
The vulnerabilities, they say, can be utilized to intercept people’s conversations, steal call history and contact information and possibly even implement malware on vulnerable devices.
However, utilizing the deficiencies for these purposes is quite difficult, so practical implementation of the errors remains rather debatable.
Hard to pull off
Security researchers Ernw recently found three shortcomings in the Airoha system of a chip (SOC), apparently “widely used” in real wireless stereo (TWS) earplugs.
SOC is reportedly present in 29 units from various manufacturers, including a few high -profile names: Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, JLAB, Earismax, Moerlabs and Teufel. Speakers, earplugs, headphones and wireless microphones all appear to be affected.
Bugs are now traced under these CVEs:
CVE-2025-20700 (6.7/10)-deficiency approval for GATT services
CVE-2025-20701 (6.7/10)-defending approval to Bluetooth Br/EDR
CVE-2025-20702 (7.5/10) -Ritic capabilities in a custom protocol
The researchers said that a threat actor with a rather high technical skill set could, if they are within Bluetooth, pull an attack and hijack the connection between the phone and the Bluetooth device.
They could then issue different commands to the phone, including initiating or receiving calls, or picking up the phone’s call history and contacts.
They could also “successfully intercept on conversations or sounds within the ear shot of the phone,” they said. In the end, they said it was possible to rewrite the device’s firmware and thus implement different malware variants.
But the attacks are difficult to pull off, which can mean that only advanced opponents, such as state -sponsored threat players, may be trying to abuse the shortcomings. In any case, Airoha released an updated SDK with a set of mackets that manufacturers now began to turn into patches.
Via Bleeping computer
