Critical Bluetooth Vulnerabilities Expose Millions Of Devices To Eavesdropping And Hijacking Risks

In the realm of wireless technology, a sinister threat lurks, one that imperils the very sanctity of personal conversations. A team of security analysts at ERNW, comprising Dennis Heinze and Frieder Steinmetz, unearthed a multitude of critical security vulnerabilities in popular Bluetooth audio devices. These vulnerabilities, now publicly known, affect a wide array of products, including wireless headphones, earbuds, microphones, and speakers that utilize the Airoha Systems on a Chip component.

The compromised devices, often used in true wireless implementations, can be exploited by attackers within Bluetooth range, sans authentication. The prerequisites for such an attack are minimal, rendering a vast number of devices susceptible to compromise. The potential consequences of a successful exploit are dire, allowing attackers to siphon media data from audio devices, intercept microphone recordings, impersonate headphones to dispatch commands to paired smartphones, and eavesdrop on conversations.

Heinze and Steinmetz’s findings have prompted Airoha to release a software development kit, aimed at mitigating the vulnerabilities, identified as CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702.