Security researchers have identified vulnerabilities in Airoha Bluetooth chips used in at least 29 devices from brands including Bose, Sony and JBL, which could allow attackers to eavesdrop on users or access their private data.
These flaws, disclosed by ERNW at the TROOPERS conference, affect headphones, speakers, and earbuds and involve missing authentication mechanisms and a vulnerable custom protocol. One of the more serious bugs (CVE-2025-20702) could let a nearby attacker hijack Bluetooth connections, place calls, access contact lists, and even listen in on conversations.
Exploiting these flaws requires physical proximity and advanced skills, making them more likely to be used in targeted attacks against high-profile individuals. ERNW demonstrated the ability to extract Bluetooth link keys and initiate calls from a compromised device.
Researchers also warned that, in some cases, the firmware could be modified to support remote code execution and spread to other devices. Airoha has released a patched SDK, but many device manufacturers have yet to issue firmware updates based on the fix, so affected products stay exposed until their vendors ship them.
