Highly sophisticated threat actors could eavesdrop or pilfer sensitive data from several audio devices using Airoha systems on a chip impacted by a trio of flaws, which have already been addressed, reports BleepingComputer.
Twenty-nine earbuds, headphones, wireless microphones, and speakers are affected by the issues including the medium severity missing GATT service authentication vulnerability, tracked as CVE-2025-20700, the medium severity missing Bluetooth BR/EDR bug, tracked as CVE-2025-20701, and the high-severity custom protocol flaw, tracked as CVE-2025-20702 which could be exploited to take over devices' connection with mobile devices and facilitate command delivery via the Bluetooth Hands-Free Profile, according to ERNW researchers who presented a proof-of-concept exploit at the TROOPERS security conference in Germany. Researchers said that the PoC exploit enabled phone calls to arbitrary numbers and the compromise of call histories and contacts, while potentially allowing firmware modification for remote code execution. However, significant technical expertise and physical proximity are necessary for the attack to be effective, researchers added.
Twenty-nine earbuds, headphones, wireless microphones, and speakers are affected by the issues including the medium severity missing GATT service authentication vulnerability, tracked as CVE-2025-20700, the medium severity missing Bluetooth BR/EDR bug, tracked as CVE-2025-20701, and the high-severity custom protocol flaw, tracked as CVE-2025-20702 which could be exploited to take over devices' connection with mobile devices and facilitate command delivery via the Bluetooth Hands-Free Profile, according to ERNW researchers who presented a proof-of-concept exploit at the TROOPERS security conference in Germany. Researchers said that the PoC exploit enabled phone calls to arbitrary numbers and the compromise of call histories and contacts, while potentially allowing firmware modification for remote code execution. However, significant technical expertise and physical proximity are necessary for the attack to be effective, researchers added.
