Recent discoveries have uncovered critical vulnerabilities in Airoha Bluetooth chipsets, widely used in audio devices from brands like Beyerdynamic, Bose, and Sony. These flaws could allow attackers to transform headphones into tools for eavesdropping and stealing sensitive information.
Researchers identified three vulnerabilities — labeled CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702 — which require physical proximity to exploit. However, once accessed, they enable attackers to seize control of the devices, potentially exposing personal data such as call histories and contacts.
At the TROOPERS conference, a proof-of-concept (PoC) exploit was demonstrated, showcasing how hackers can intercept connections, initiate calls, use the Bluetooth profile to send commands to phones, and even listen to conversations or ambient sounds captured by the device’s microphone.
Also read:
- ChatGPT’s iPhone Downloads Surge, Nearly Matching Top Social Media Apps Combined
- Reddit Explores World ID Iris-Scanning Verification to Balance Anonymity and Authenticity
- Revolut’s Nik Storonsky Eyes Multibillion-Dollar Payday as Valuation Targets $150 Billion
In response, Airoha has released an updated SDK with fixes, and manufacturers have begun rolling out patches. However, many devices remain unupdated, leaving users vulnerable and highlighting ongoing security risks in the Bluetooth ecosystem.
