1. Forum
  2. tqwNet
  3. TQW GENTECH

  • This worrying Bluetooth security flaw could let hackers spy on yo

    From TechnologyDaily@1337:1/100 to All on Monday, June 30, 2025 19:45:08
    This worrying Bluetooth security flaw could let hackers spy on your device
    via microphone

    Date:
    Mon, 30 Jun 2025 18:33:00 +0000

    Description:
    A set of bugs can be used to pull a phone's contacts list, or even deploy malware on a Bluetooth device.

    FULL STORY ======================================================================Security
    researchers found three medium-severity flaws in Bluetooth SoCs When
    chained, they can be used to eavesdrop on conversations, and more Patches are being developed, so be on your guard

    Security researchers have uncovered three vulnerabilities in a Bluetooth chipset present in dozens of devices from multiple manufacturers.

    The vulnerabilities, they say, can be exploited to eavesdrop on peoples conversations, steal call history and contacts information, and possibly even deploy malware on vulnerable devices.

    However, exploiting the flaws for these purposes is quite difficult, so practical implementation of the bugs remains rather debatable.

    Get 55% off Incogni's Data Removal service with code TECHRADAR

    Wipe your personal data off the internet with the Incogni data removal service. Stop identity thieves
    and protect your privacy from unwanted spam and scam calls. View Deal Difficult to pull off

    Security researchers ERNW recently found three flaws in the Airoha system on
    a chip (SoC), apparently widely used in True Wireless Stereo (TWS) earbuds.

    The SoC is allegedly present in 29 devices from different manufacturers, including a couple of high-profile names: Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel. Speakers, earbuds, headphones , and wireless microphones all seem to be affected.

    The bugs are now tracked under these CVEs:

    CVE-2025-20700 (6.7/10) - missing authentication for GATT services CVE-2025-20701 (6.7/10) - missing authentication for Bluetooth BR/EDR CVE-2025-20702 (7.5/10) - critical capabilities of a custom protocol

    The researchers said that a threat actor with a rather high technical skill set could, if they are within Bluetooth range, pull off an attack and hijack the connection between the phone and the Bluetooth device.

    They could then issue different commands to the phone, including initiating
    or receiving calls, or retrieving the phones call history and contacts.

    They could also successfully eavesdrop on conversations or sounds within earshot of the phone," they said. Ultimately, they said it was possible to rewrite the devices firmware and thus deploy different malware variants.

    But the attacks are difficult to pull off, which could mean that only
    advanced adversaries, such as state-sponsored threat actors, might try to abuse the flaws. In any case, Airoha released an updated SDK with a set of mitigations, which the manufacturers now started turning into patches.

    Via BleepingComputer You might also like Top Bluetooth chip security flaw could put a billion devices at risk worldwide Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-worrying-bluetooth-security-flaw-c ould-let-hackers-spy-on-your-device-via-microphone


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)