Ethical Hacking News
Vulnerabilities in a family of Bluetooth audio chipsets could allow an attacker within radio range to listen in through a victim's microphone and to pull sensitive information such as call history and contacts. Device manufacturers are working to address the issue by releasing updated firmware, but it is unclear how widely the flaws will be exploited in the wild.
Researchers have found vulnerabilities in Bluetooth chipsets used in over two dozen audio devices that allow an attacker to spy on users through their microphones. The flaws lie in the way the chipsets handle authentication and encryption, and they are exploitable over the air, without any physical contact with the device, by anyone within Bluetooth range. Experts caution that practical exploitation is constrained by the technical sophistication required and by that proximity requirement. Airoha has released an updated SDK incorporating mitigations, but each device manufacturer must still build the fix into its own firmware and get that update onto customers' devices quickly.
The world of wireless communication has long been touted as a convenient and liberating experience, allowing individuals to connect devices and access information from anywhere. However, this convenience comes at a cost - namely, the potential for malicious actors to exploit vulnerabilities in these systems. In a recent discovery, researchers have found that certain Bluetooth chipsets used in over two dozen audio devices can be exploited by hackers to spy on users through their microphones.
According to the researchers, the vulnerabilities lie in the way these Bluetooth chipsets handle authentication and encryption: functions that should be reachable only over a paired, authenticated link can be reached by any device within Bluetooth range. An attacker within radio range of a vulnerable headset could use this to reach sensitive information on the paired phone, such as call history and contacts. The flaws are also "remote" in the sense that no physical contact with the device is needed; within range, an attacker can take control of the device itself and potentially execute malicious code on it.
The findings were presented by the German security firm ERNW at the TROOPERS security conference in Heidelberg, Germany. The researchers identified three vulnerabilities in systems on a chip (SoCs) made by Airoha, which are widely used in True Wireless Stereo (TWS) earbuds and other audio devices. The vulnerabilities, tracked as CVE-2025-20700, CVE-2025-20701 and CVE-2025-20702, have been assigned medium to high severity scores in the National Vulnerability Database.
The first, CVE-2025-20700, is a missing authentication mechanism for GATT (Generic Attribute Profile) services, the interface the device exposes over Bluetooth Low Energy. Without it, a client that has never paired with the device can read and write characteristics that should require an authenticated link. The second, CVE-2025-20701, is the same class of issue on the Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate) side, the "Classic" Bluetooth transport that carries the audio stream. Again, an attacker can bypass the expected authentication and gain unauthorized access.
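To make concrete what "missing authentication for GATT services" means, the following is a small model of the check a GATT server is supposed to perform before it serves a read or write. It is an added example written for this page, not Airoha firmware, and it does not reproduce the actual flaw; the attribute table, the control characteristic at handle 0x0010 and the three link-security levels are assumptions. The ATT opcodes and error codes are the ones defined in the Bluetooth Core Specification (Vol 3, Part F).

```python
"""Model of the authentication check a GATT server applies before a client may
read or write a characteristic. Constructed example for this page, not Airoha
firmware; the attribute table, handle and security levels are made up. ATT
opcodes and error codes are the ones in Bluetooth Core Spec Vol 3, Part F."""
import struct
from dataclasses import dataclass
from enum import IntEnum

ATT_ERROR_RSP = 0x01
ATT_READ_REQ, ATT_READ_RSP = 0x0A, 0x0B
ATT_WRITE_REQ, ATT_WRITE_RSP = 0x12, 0x13
ERR_INVALID_HANDLE = 0x01
ERR_READ_NOT_PERMITTED = 0x02
ERR_WRITE_NOT_PERMITTED = 0x03
ERR_INSUFFICIENT_AUTHENTICATION = 0x05
ERR_REQUEST_NOT_SUPPORTED = 0x06
ERR_INSUFFICIENT_ENCRYPTION = 0x0F


class LinkSecurity(IntEnum):
    """Security mode of the BLE link the request arrived on."""
    NONE = 0              # connected, never paired: any device in range
    ENCRYPTED_UNAUTH = 1  # "Just Works" pairing: encrypted, no MITM protection
    ENCRYPTED_AUTH = 2    # passkey or numeric comparison: authenticated


@dataclass
class Attribute:
    handle: int
    readable: bool
    writable: bool
    required: LinkSecurity     # minimum link security before access is granted
    value: bytes = b""


def error_rsp(req_opcode, handle, code):
    """ATT Error Response: opcode 0x01, request opcode, handle (LE16), error code."""
    return struct.pack("<BBHB", ATT_ERROR_RSP, req_opcode, handle, code)


def security_error(attr, link):
    """Error code to return when the link is below what the attribute demands,
    or None if access may proceed."""
    if link >= attr.required:
        return None
    if attr.required == LinkSecurity.ENCRYPTED_UNAUTH:
        return ERR_INSUFFICIENT_ENCRYPTION      # only encryption was required
    return ERR_INSUFFICIENT_AUTHENTICATION      # an authenticated link was required


class AttServer:
    def __init__(self, attrs):
        self.attrs = {a.handle: a for a in attrs}

    def handle_pdu(self, pdu, link):
        """Serve one ATT Read Request or Write Request on a link of the given security."""
        opcode = pdu[0]
        if opcode not in (ATT_READ_REQ, ATT_WRITE_REQ):
            return error_rsp(opcode, 0x0000, ERR_REQUEST_NOT_SUPPORTED)
        handle = struct.unpack_from("<H", pdu, 1)[0]
        attr = self.attrs.get(handle)
        if attr is None:
            return error_rsp(opcode, handle, ERR_INVALID_HANDLE)
        if opcode == ATT_READ_REQ and not attr.readable:
            return error_rsp(opcode, handle, ERR_READ_NOT_PERMITTED)
        if opcode == ATT_WRITE_REQ and not attr.writable:
            return error_rsp(opcode, handle, ERR_WRITE_NOT_PERMITTED)
        err = security_error(attr, link)     # the kind of check the advisory says is missing
        if err is not None:
            return error_rsp(opcode, handle, err)
        if opcode == ATT_READ_REQ:
            return bytes([ATT_READ_RSP]) + attr.value
        attr.value = bytes(pdu[3:])
        return bytes([ATT_WRITE_RSP])


CONTROL_HANDLE = 0x0010    # hypothetical vendor "device control" characteristic


def make_server(required):
    """One-characteristic server; `required` is the link security it demands."""
    return AttServer([Attribute(CONTROL_HANDLE, True, True, required, b"\x00")])


def write_request(handle, value):
    return struct.pack("<BH", ATT_WRITE_REQ, handle) + value


def outcome(server, link, value=b"\x01"):
    """'ok' if the write was accepted, otherwise the ATT error code returned."""
    rsp = server.handle_pdu(write_request(CONTROL_HANDLE, value), link)
    return "ok" if rsp[0] == ATT_WRITE_RSP else rsp[-1]


if __name__ == "__main__":
    # No requirement on the characteristic: an unpaired peer in range writes it.
    print(outcome(make_server(LinkSecurity.NONE), LinkSecurity.NONE))
    # Same PDU against a characteristic that demands an authenticated link.
    print(hex(outcome(make_server(LinkSecurity.ENCRYPTED_AUTH), LinkSecurity.NONE)))
```

The point of the model is the `security_error` step: a server that never consults the link's security mode answers every request from any connected peer, which is the behaviour the advisory describes. A server that does consult it answers an unpaired or "Just Works" peer with Insufficient Authentication (0x05), and the stack on the client side then has to pair with MITM protection before the same request succeeds.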
The most serious of the three is CVE-2025-20702, which concerns critical capabilities of a custom, vendor-specific protocol spoken by the chipset. The protocol lets a connected peer read and write the device's RAM and flash memory, which is why the flaw carries a high severity score. As a first demonstration, the researchers used it to read, out of the headphones' memory, which media was currently playing.
That same memory access is what makes the more serious attacks possible. The researchers extracted the Bluetooth link keys stored in the vulnerable device's memory, the shared secrets the headphones use to authenticate to the paired phone. With those keys an attacker can impersonate the headphones to the phone and hijack the Bluetooth Hands-Free Profile (HFP) connection, after which the phone accepts the commands it would accept from a headset, including initiating a call. In some cases the researchers were able to trigger a call to an arbitrary number this way.
Through the hijacked connection the researchers were also able to retrieve the call history and contacts from the paired phone. And because a call to an attacker-chosen number turns the phone's microphone into an open channel, they could eavesdrop on conversations or sounds within earshot of the phone.
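The hijack chain described in the two paragraphs above, as an added example that is not ERNW's tooling or code and uses no real Bluetooth stack: a mock phone (HFP Audio Gateway) that trusts any link presented with the headset's address and matching link key, and a mock headset role that an attacker holding an extracted key runs unchanged to bring up an HFP Service Level Connection and dial a number. The address, link key, BRSF feature bitmaps and phone number are made up; the AT command sequence is the one HFP specifies for the SLC. Phonebook and call-history retrieval is not modelled.

```python
"""Mock of an HFP Service Level Connection (SLC) and a call placed over it by an
attacker impersonating the headset. Constructed example for this page: no real
Bluetooth stack, no Airoha or ERNW code. Address, key, feature bitmaps and the
dialled number are made up."""
import re

# BRSF feature bitmaps exchanged at the start of the SLC (HFP specification).
# One bit each so the mock stays readable; real devices set several.
HF_FEATURES = 1 << 5   # HF: enhanced call status
AG_FEATURES = 1 << 6   # AG: enhanced call status

HEADSET_ADDR = "AA:BB:CC:DD:EE:FF"                             # made-up address
LINK_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # made-up 16-byte key
SLC_COMMANDS = ("BRSF", "CIND=?", "CIND?", "CMER")


class AudioGateway:
    """Phone side of HFP. It relies entirely on the link layer: once a peer
    presents a bonded address with the matching link key, every AT command on
    that link is treated as coming from the headset."""

    # Order fixes the 1-based indicator indexes reported in +CIEV events.
    INDICATORS = ["service", "call", "callsetup", "callheld", "signal", "roam", "battchg"]
    RANGES = {"service": "0-1", "call": "0-1", "callsetup": "0-3", "callheld": "0-2",
              "signal": "0-5", "roam": "0-1", "battchg": "0-5"}

    def __init__(self, bonded_addr, link_key):
        self.bonds = {bonded_addr: link_key}
        self.state = dict(service=1, call=0, callsetup=0, callheld=0,
                          signal=5, roam=0, battchg=5)
        self.link_up = False
        self.slc_done_steps = []
        self.dialled = []

    def connect(self, addr, link_key):
        """Models link-layer authentication: the AG only checks that the key
        matches the one stored for the address; it cannot tell who holds it."""
        self.link_up = self.bonds.get(addr) == link_key
        self.slc_done_steps = []
        return self.link_up

    def _ciev(self, name):
        return f"+CIEV: {self.INDICATORS.index(name) + 1},{self.state[name]}"

    def at(self, cmd):
        """Process one AT command from the HF and return the AG's response lines."""
        if not self.link_up:
            return []                       # nothing reaches the AG without a link
        if cmd.startswith("AT+BRSF="):
            self.slc_done_steps.append("BRSF")
            return [f"+BRSF: {AG_FEATURES}", "OK"]
        if cmd == "AT+CIND=?":
            self.slc_done_steps.append("CIND=?")
            ranges = ",".join(f'("{n}",({self.RANGES[n]}))' for n in self.INDICATORS)
            return [f"+CIND: {ranges}", "OK"]
        if cmd == "AT+CIND?":
            self.slc_done_steps.append("CIND?")
            return ["+CIND: " + ",".join(str(self.state[n]) for n in self.INDICATORS), "OK"]
        if cmd.startswith("AT+CMER="):
            self.slc_done_steps.append("CMER")
            return ["OK"]
        if not all(s in self.slc_done_steps for s in SLC_COMMANDS):
            return ["ERROR"]                # call control only once the SLC is up
        m = re.fullmatch(r"ATD([+\d]+);", cmd)
        if m:
            self.dialled.append(m.group(1))
            self.state["callsetup"] = 2     # outgoing call being set up
            lines = ["OK", self._ciev("callsetup")]
            self.state["call"], self.state["callsetup"] = 1, 0   # remote party answers
            return lines + [self._ciev("call"), self._ciev("callsetup")]
        return ["ERROR"]


class HandsFree:
    """Headset role. An attacker holding the extracted link key runs exactly
    this code with the headset's address; nothing in it is attacker-specific."""

    def __init__(self, addr, link_key):
        self.addr, self.link_key = addr, link_key
        self.transcript = []                # (HF line, [AG lines]) for inspection

    def _send(self, ag, cmd):
        rsp = ag.at(cmd)
        self.transcript.append((f"HF> {cmd}", [f"AG> {r}" for r in rsp]))
        return rsp

    def establish_slc(self, ag):
        if not ag.connect(self.addr, self.link_key):
            return False
        for cmd in (f"AT+BRSF={HF_FEATURES}", "AT+CIND=?", "AT+CIND?", "AT+CMER=3,0,0,1"):
            rsp = self._send(ag, cmd)
            if not rsp or rsp[-1] != "OK":
                return False
        return True

    def dial(self, ag, number):
        rsp = self._send(ag, f"ATD{number};")
        return bool(rsp) and rsp[0] == "OK"


def hijack_call(ag, headset_addr, link_key, number):
    """Attacker step: impersonate the headset with a (stolen) link key and dial."""
    hf = HandsFree(headset_addr, link_key)
    return hf.establish_slc(ag) and hf.dial(ag, number)


if __name__ == "__main__":
    phone = AudioGateway(HEADSET_ADDR, LINK_KEY)
    print("guessed key:", hijack_call(phone, HEADSET_ADDR, bytes(16), "+15550100"))
    print("stolen key: ", hijack_call(phone, HEADSET_ADDR, LINK_KEY, "+15550100"))
    print("calls placed by the phone:", phone.dialled)
```

Nothing above the link layer distinguishes the real headset from the attacker: the AG's only decision is `connect`, and it turns on whether the presented key matches the stored one. That is why reading the link key out of the headset's memory is the whole attack, and why the mitigation has to be a firmware fix on the headset rather than anything the phone can do.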
While the vulnerabilities are serious, experts note that practical implementation at scale is constrained by certain limitations. For example, the necessity of both technical sophistication and physical proximity confines these attacks to high-value targets, such as those in diplomacy, journalism, activism, or sensitive industries.
Several device manufacturers have announced plans to update their firmware and patch the vulnerabilities. However, many devices may remain vulnerable for some time because their firmware is outdated. The most recent firmware updates for more than half of the affected devices are dated May 27 or earlier, which is before Airoha delivered the updated SDK to its customers, so those builds cannot contain the fix.
In response to the disclosure, Airoha has released an updated SDK incorporating the necessary mitigations, and device manufacturers have begun developing and distributing patches. It nevertheless remains unclear how widely these vulnerabilities will be exploited in the wild.
The incident highlights the ongoing need for vigilance in protecting user privacy and security. As we move forward into a future where wireless communication becomes increasingly ubiquitous, it is essential that device manufacturers prioritize security and take proactive steps to address potential vulnerabilities.
In addition, users must remain vigilant and keep their devices up to date with the latest firmware. For most earbuds and headphones that typically means installing the vendor's companion app, since firmware is delivered through it rather than applied automatically. Doing so significantly reduces the risk of falling victim to such attacks.
Ultimately, this discovery serves as a wake-up call for the industry and users alike - it is crucial that we prioritize security and take proactive steps to mitigate vulnerabilities in order to protect our personal data and ensure safe wireless communication.
Related Information:
https://www.ethicalhackingnews.com/articles/Bluetooth-Vulnerabilities-Exposed-A-Threat-to-User-Privacy-ehn.shtml
Published: Sun Jun 29 11:26:12 2025 by llama3.2 3B Q4_K_M