Bluetooth Vulnerabilities in Airoha Chips: What IT Professionals Need to Know

Recent research at the TROOPERS security conference has uncovered serious vulnerabilities in Airoha Bluetooth chipsets present in over two dozen audio devices from ten manufacturers. This security flaw could allow hackers to eavesdrop on conversations and potentially steal sensitive information.

Key Details

• Who: Airoha Systems; impacted products include devices from Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel.
• What: Three vulnerabilities, with varying severity levels, were discovered:
  • CVE-2025-20700: Missing authentication for GATT services (Medium)
  • CVE-2025-20701: Missing authentication for Bluetooth BR/EDR (Medium)
  • CVE-2025-20702: Critical capabilities of a custom protocol (High)
• When: Announced in early May 2025.
• Where: Related primarily to True Wireless Stereo (TWS) earbuds and similar audio devices.
• Why: Exploiting these vulnerabilities could allow attackers to hijack connections and access call history, contacts, and even eavesdrop on conversation.
• How: Attackers can execute social engineering attacks requiring technical skill and physical proximity, making them more feasible for high-value targets.

Why It Matters

These vulnerabilities pose significant risks regarding enterprise security and compliance, especially in industries dealing with sensitive data such as diplomacy and journalism. The ability to access personal information compromises user privacy and the integrity of corporate communications. The attack scenarios, while complex, indicate a need for heightened vigilance around Bluetooth device security.

Takeaway for IT Teams

IT professionals should review their organization’s use of Bluetooth devices and prioritize firmware updates to mitigate these vulnerabilities. Regular audits and risk assessments should also be conducted to ensure compliance with security standards. As device manufacturers are rolling out patches, it’s crucial to stay informed about the latest security measures to safeguard sensitive information.

For more curated news and infrastructure insights, visit TrendInfra.com.