Vulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information.
Researchers confirmed that 29 devices from Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel are affected.
The list of impacted products includes speakers, earbuds, headphones, and wireless microphones.
The security problems could be leveraged to take over a vulnerable product and, on some phones, an attacker within connection range may be able to extract call history and contacts.
Snooping over a Bluetooth connection
At the TROOPERS security conference in Germany, researchers at cybersecurity company ERNW disclosed three vulnerabilities in the Airoha systems on a chip (SoCs), which are widely used in True Wireless Stereo (TWS) earbuds.
The issues are not critical and besides close physical proximity (Bluetooth range), their exploitation also requires "a high technical skill set." They received the following identifiers:
CVE-2025-20700 (CVSS 6.7, medium severity) - missing authentication for GATT services
CVE-2025-20701 (CVSS 6.7, medium severity) - missing authentication for Bluetooth BR/EDR
CVE-2025-20702 (CVSS 7.5, high severity) - critical capabilities of a custom protocol
ERNW researchers say they created proof-of-concept exploit code that allowed them to read the currently playing media from the targeted headphones.
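The first two identifiers describe the same class of bug: an attribute server that hands out data to any peer in range without checking the link's security level. The following is an added illustration, not Airoha firmware and not ERNW's proof of concept: a toy ATT read handler over a constructed attribute table (handles, the "now playing" value and the security levels are hypothetical), with the vulnerable behaviour beside a hardened handler that returns the ATT error codes the Bluetooth Core specification defines for an insufficiently secured link.

```python
"""Added example (not Airoha firmware or ERNW's PoC): a toy ATT read handler
showing what "missing authentication for GATT services" means on the wire.

Each characteristic in the constructed attribute table carries the minimum
link security level needed to read it.  The vulnerable handler ignores that
field, so an unpaired peer in range reads everything; the hardened handler
answers with the ATT error code from the Core spec (Vol 3, Part F, Error
Response), which is what forces a client to pair before it can continue.
"""
from dataclasses import dataclass

# LE Security Mode 1 levels as the ATT server sees the current link.
LEVEL_NONE = 1        # unencrypted link (no pairing)
LEVEL_UNAUTH_ENC = 2  # encrypted after "Just Works" pairing (no MITM protection)
LEVEL_AUTH_ENC = 3    # encrypted after authenticated pairing (passkey / OOB)

# ATT error codes.
ATT_SUCCESS = 0x00
ATT_ERR_INSUFFICIENT_AUTHENTICATION = 0x05
ATT_ERR_INSUFFICIENT_ENCRYPTION = 0x0F


@dataclass(frozen=True)
class Characteristic:
    handle: int
    required_level: int  # minimum link level needed to read this value
    value: bytes


@dataclass
class Link:
    peer: str
    level: int


# Constructed attribute table; handles and values are hypothetical.
ATTRIBUTES = {
    0x0003: Characteristic(0x0003, LEVEL_NONE, b"Headset Name"),
    0x0010: Characteristic(0x0010, LEVEL_AUTH_ENC, b"now playing: track 07"),
}


def att_read_vulnerable(link, handle):
    """Missing-authentication bug: any connected peer gets the value."""
    return ATT_SUCCESS, ATTRIBUTES[handle].value


def att_read_hardened(link, handle):
    """Enforce the characteristic's security requirement before answering."""
    ch = ATTRIBUTES[handle]
    if link.level >= ch.required_level:
        return ATT_SUCCESS, ch.value
    # Short of the required level: tell the client what it has to fix.
    # Authenticated pairing required -> Insufficient Authentication (0x05);
    # encryption alone required     -> Insufficient Encryption (0x0F).
    if ch.required_level >= LEVEL_AUTH_ENC:
        return ATT_ERR_INSUFFICIENT_AUTHENTICATION, b""
    return ATT_ERR_INSUFFICIENT_ENCRYPTION, b""


def probe(server, link):
    """Read every handle as the given peer; returns {handle: (status, value)}."""
    return {h: server(link, h) for h in sorted(ATTRIBUTES)}


if __name__ == "__main__":
    unpaired = Link("peer-in-range-no-pairing", LEVEL_NONE)
    print("vulnerable:", probe(att_read_vulnerable, unpaired))
    print("hardened:  ", probe(att_read_hardened, unpaired))
```

Run stand-alone, the vulnerable server returns the "now playing" value to an unpaired peer, which is the shape of the media-read result the researchers describe; the hardened server returns 0x05 for that handle and still serves the public device-name attribute. A real stack does the same check at the ATT layer against the controller's reported encryption and authentication state rather than a Python field.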
[...] Although the ERNW researchers present serious attack scenarios, practical implementation at scale is constrained by certain limitations.
"Yes — the idea that someone could hijack your headphones, impersonate them towards your phone, and potentially make calls or spy on you, sounds pretty alarming."
"Yes — technically, it is serious," the researchers say, adding that "real attacks are complex to perform."
The necessity of both technical sophistication and physical proximity confines these attacks to high-value targets, such as those in diplomacy, journalism, activism, or sensitive industries.
Airoha has released an updated SDK incorporating necessary mitigations, and device manufacturers have started patch development and distribution.
Nevertheless, German publication Heise says that the most recent firmware updates for more than half of the affected devices are from May 27 or earlier, which is before Airoha delivered the updated SDK to its customers.
Related Stories
PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
upstart has processed the following story:
Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors.
The vulnerabilities, dubbed PerfektBlue, can be fashioned together as an exploit chain to run arbitrary code on cars from at least three major automakers, Mercedes-Benz, Volkswagen, and Skoda, according to PCA Cyber Security (formerly PCAutomotive). Outside of these three, a fourth unnamed original equipment manufacturer (OEM) has been confirmed to be affected as well.
"PerfektBlue exploitation attack is a set of critical memory corruption and logical vulnerabilities found in OpenSynergy BlueSDK Bluetooth stack that can be chained together to obtain Remote Code Execution (RCE)," the cybersecurity company said.
While infotainment systems are often seen as isolated from critical vehicle controls, in practice, this separation depends heavily on how each automaker designs internal network segmentation. In some cases, weak isolation allows attackers to use IVI access as a springboard into more sensitive zones—especially if the system lacks gateway-level enforcement or secure communication protocols.
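The segmentation point above is where an IVI compromise either stops or becomes a vehicle compromise. The following added example (not PCA Cyber Security's or any OEM's code) models a domain gateway between the infotainment bus and a vehicle-control bus: the weak gateway forwards everything, the enforcing gateway passes only a per-direction allowlist and refuses diagnostic requests that originate in the IVI domain. The CAN IDs other than 0x7DF, the allowlist and the sample frames are constructed for illustration.

```python
"""Added example (not PCA Cyber Security's or any OEM's code): a toy domain
gateway between the infotainment (IVI) bus and a vehicle-control bus.

The weak gateway forwards every frame, so code running on a compromised IVI
reaches the control domain directly.  The enforcing gateway only passes
frames on a per-direction allowlist and never lets the IVI originate
diagnostic requests.  CAN IDs below (other than 0x7DF) are constructed.
"""
from dataclasses import dataclass

IVI = "ivi"
CONTROL = "control"

# ISO 15765-4 functional-addressing request ID used by OBD-II/UDS testers.
DIAG_FUNCTIONAL_REQUEST = 0x7DF

# (source domain, destination domain) -> CAN IDs allowed to cross. Hypothetical.
ALLOWLIST = {
    (CONTROL, IVI): {0x1A0, 0x1A1},  # e.g. speed and gear for the display
    (IVI, CONTROL): {0x3A0},         # e.g. a single cabin-comfort status frame
}


@dataclass(frozen=True)
class Frame:
    src_domain: str
    can_id: int
    data: bytes


def gateway_weak(frame, dst_domain):
    """No segmentation: anything from anywhere is forwarded."""
    return True


def gateway_enforcing(frame, dst_domain):
    """Forward only allowlisted IDs per direction; block IVI-originated diagnostics."""
    if frame.src_domain == dst_domain:
        return True  # same bus, no gateway decision involved
    if frame.src_domain == IVI and frame.can_id == DIAG_FUNCTIONAL_REQUEST:
        return False  # diagnostics must never originate in the IVI domain
    return frame.can_id in ALLOWLIST.get((frame.src_domain, dst_domain), set())


def route(gateway, frames, dst_domain):
    """Return the list of (can_id, forwarded) decisions for a batch of frames."""
    return [(f.can_id, gateway(f, dst_domain)) for f in frames]


# Constructed traffic a compromised IVI might emit toward the control bus:
# one legitimate status frame, one UDS DiagnosticSessionControl request
# (ISO-TP single frame: length 2, SID 0x10, sub-function 0x02 = programming
# session), and one spoofed copy of a frame only the control side should send.
SAMPLE_FROM_IVI = [
    Frame(IVI, 0x3A0, b"\x01"),
    Frame(IVI, DIAG_FUNCTIONAL_REQUEST, b"\x02\x10\x02"),
    Frame(IVI, 0x1A0, b"\x00\x00"),
]

if __name__ == "__main__":
    print("weak:     ", route(gateway_weak, SAMPLE_FROM_IVI, CONTROL))
    print("enforcing:", route(gateway_enforcing, SAMPLE_FROM_IVI, CONTROL))
```

The allowlist is deliberately asymmetric: the control domain may publish status frames toward the display, but the IVI may send almost nothing back, and a diagnostic session request is refused regardless of payload. That asymmetry is the "gateway-level enforcement" the paragraph refers to; a real central gateway would also rate-limit and authenticate (for example via SecOC) the few frames it does let through.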
The only requirement to pull off the attack is that the bad actor needs to be within range and be able to pair their setup with the target vehicle's infotainment system over Bluetooth. It essentially amounts to a one-click attack to trigger over-the-air exploitation.
"However, this limitation is implementation-specific due to the framework nature of BlueSDK," PCA Cyber Security added. "Thus, the pairing process might look different between various devices: limited/unlimited number of pairing requests, presence/absence of user interaction, or pairing might be disabled completely."
(Score: 5, Interesting) by pkrasimirov on Tuesday July 01, @09:53AM
If I am a high-profile target that is worried about leaking info, I would restrict myself from using many items that are otherwise daily stuff like smartphones, mostly anything wireless, cables should be shielded, talking only in secured areas, dedicated devices for dedicated purposes, multiple emails, proxies galore etc. etc. Having the next bluetooth or wifi or 5G or OS vulnerability is not exactly an unexpected event.