Around 29 devices from companies like Sony, Bose, Jabra, and JBL are affected by a series of Bluetooth vulnerabilities that allow hackers to listen through your microphone.
At the TROOPERS security conference in Germany, researchers at cybersecurity company ERNW disclosed three vulnerabilities in the Airoha systems on a chip (SoCs), which are widely used in True Wireless Stereo (TWS) earbuds.
The issues are not critical and, besides close physical proximity (Bluetooth range), their exploitation also requires “a high technical skill set.” They received the following identifiers:
- CVE-2025-20700 (6.7, medium severity score) - missing authentication for GATT services
- CVE-2025-20701 (6.7, medium severity score) - missing authentication for Bluetooth BR/EDR
- CVE-2025-20702 (7.5, high severity score) - critical capabilities of a custom protocol
Don’t expect that your Bluetooth speaker or headphones can be remotely attacked in your home. These attacks require close proximity and high technical expertise. Unless you are vulnerable to targeted attacks, your Bluetooth device should remain okay to use in private spaces.
While such an attack may not present a great risk, other scenarios leveraging the three bugs could let a threat actor hijack the connection between the mobile phone and an audio Bluetooth device and use the Bluetooth Hands-Free Profile (HFP) to issue commands to the phone.
“The range of available commands depends on the mobile operating system, but all major platforms support at least initiating and receiving calls” - ERNW
The researchers were able to trigger a call to an arbitrary number by extracting the Bluetooth link keys from a vulnerable device’s memory.
They say that depending on the phone’s configuration, an attacker could also retrieve the call history and contacts.
They were also able to initiate a call and “successfully eavesdrop on conversations or sounds within earshot of the phone.”
Furthermore, the vulnerable device’s firmware could potentially be rewritten to enable remote code execution, thereby facilitating the deployment of a wormable exploit capable of propagating across multiple devices.
Do you think we should have a conversation about Bluetooth devices? I am debating whether it’s worth even owning them in the first place, but it is almost difficult to avoid with headphone jacks disappearing.