
⚠️ Bluetooth Vulnerabilities Exposed: Hackers Could Spy on You! 🎧💔
2025-06-29
Author: Li
In a shocking revelation, security experts have uncovered vulnerabilities in Bluetooth chipsets that power a wide array of audio devices. These flaws could potentially allow hackers to spy through your microphone and access sensitive information.
The impacted devices include popular products from major brands like Beyerdynamic, Bose, Sony, and Jabra, among others. The list spans speakers, earbuds, headphones, and even wireless microphones, affecting over 29 different devices in total.
How Hackers Can Exploit These Flaws 🤖
According to researchers from the cybersecurity firm ERNW, these vulnerabilities were unveiled during the TROOPERS security conference in Germany. They have identified three significant weaknesses in Airoha systems on chips (SoCs), widely used in True Wireless Stereo (TWS) devices.
While the risks may sound daunting, the researchers noted that exploiting these vulnerabilities requires a high degree of technical skill and close physical proximity—essentially remaining within Bluetooth range.
Key Vulnerabilities Identified 🛡️
The identified vulnerabilities have been classified as follows: - **CVE-2025-20700**: Missing authentication for GATT services (Severity: Medium) - **CVE-2025-20701**: Missing authentication for Bluetooth BR/EDR (Severity: Medium) - **CVE-2025-20702**: Critical capabilities of a custom protocol (Severity: High) ERNW has even developed proof-of-concept exploit code demonstrating that they could access audio being played on these affected headphones.
The Alarming Possibilities 🚨
While individual attacks may not pose a threat to the average user, the implications are serious. Attackers could potentially hijack Bluetooth connections to issue commands to phones, such as initiating calls.
The researchers detailed how they were able to extract Bluetooth link keys from vulnerable devices, enabling them to make calls to arbitrary numbers and eavesdrop on conversations within earshot.
Is Your Device Affected? ❓
Although the researchers warned of severe attack scenarios, it should be noted that executing these attacks at scale is hampered by the need for both sophisticated skills and physical closeness. This confines such threats mainly to high-stakes environments like diplomatic missions, journalism, and sensitive industries.
In response to these alarming vulnerabilities, Airoha has released an updated SDK with necessary security measures, and manufacturers are actively working to develop and distribute patches.
Stay informed and ensure your devices are updated to protect against these potential exploits!