A group of researchers discovered security flaws in a Bluetooth chip used in more than 20 audio devices from different brands. These flaws could allow someone to listen in on your conversations or steal personal information without you realizing it.
Among the affected devices are 29 models from well-known brands such as Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel. The list includes all kinds of gadgets: speakers, headphones, earphones, and wireless microphones.
The problem is serious because, if you have one of these devices and are within range of an attacker, they could take control of the device. On some phones, they may even be able to access your call history and contacts, all without you noticing.
Spying via Bluetooth: Yes, it's possible (although not that easy)
During the TROOPERS security conference in Germany, a group of researchers from the cybersecurity company ERNW revealed three flaws in some very common Bluetooth chips, especially in True Wireless Stereo headphones (the typical TWS we use every day).
These chips, known as Airoha SoCs, are quite popular, but we now know that they have some vulnerabilities. The good news is that they are not critical flaws and exploiting them is not easy: in addition to being physically close to the device (within Bluetooth range), the attacker would need to have fairly advanced technical knowledge.
The flaws are registered with these technical identifiers (in case you are interested in the details):
- CVE-2025-20700 (medium risk, 6.7): does not require authentication for certain Bluetooth services.
- CVE-2025-20701 (medium risk, 6.7): same as above, but affects another type of Bluetooth connection (BR/EDR).
- CVE-2025-20702 (highest risk, 7.5): allows access to sensitive functions of a custom protocol.
The experts even managed to create a small test program with which they could see which song was playing on the test headphones. Although this is not total espionage, it shows that it is possible to intercept data without the user knowing.
Although this type of attack does not seem so dangerous at first glance, ERNW researchers warned that by combining the three vulnerabilities discovered, an attacker could intercept the connection between your phone and Bluetooth headphones. The result? Using the hands-free profile (HFP) to send commands directly to the phone, as if they were your own headphones.
“The commands available depend on the operating system, but in all cases you can at least make or receive calls,” explained ERNW.
During testing, researchers were able to initiate a call to any number after extracting Bluetooth pairing keys from the memory of an affected device. But that's not all: if the phone has certain settings, they could also access call history and contacts.
And yes, they also managed to listen to conversations picked up by the phone's microphone, simply by forcing a call with the compromised device nearby. In short, the attacker can not only make calls from your mobile phone, but can also use it to spy on you.
In addition, experts discovered that it is possible to modify the firmware of the affected device to execute code remotely. This opens the door to an even more disturbing scenario: worm-type malware that spreads from one device to another automatically.
But... is it really that easy?
No. Although it all sounds quite worrying, these attacks are not easy to carry out.
“Yes, the idea that someone could hijack your headphones, impersonate them, and control your phone sounds quite alarming,” the researchers acknowledge.
“And yes, technically it's serious,” they add. But they also make it clear that “actual attacks are complex and require advanced technical skills.”
In addition, you have to be physically close to the target to exploit the vulnerabilities, which greatly limits the scope of the problem. That's why these attacks are more targeted at high-profile individuals, such as diplomats, journalists, activists, or employees in sensitive sectors.
What is being done about it?
Airoha, the manufacturer of the vulnerable chips, has already released an updated SDK (development kit) that includes security fixes. Device manufacturers are already working on patches and firmware updates to fix the problem.
However, there is one important detail: according to the German publication Heise, more than half of the affected devices have received no update dated later than May 27, and Airoha did not deliver the SDK with the fixes until after that date. In other words, although solutions exist, they have not yet reached most users.