Bluetooth Flaw Alert: CERT‑In Warns Users of Risk in Popular Audio Gear


India’s Computer Emergency Response Team (CERT‑In) has issued a high‑risk advisory after German security firm ERNW uncovered three critical Bluetooth weaknesses in Airoha System‑on‑Chips powering many wireless earbuds, headphones, microphones and speakers. The bugs—CVE‑2025‑20700, CVE‑2025‑20701 and CVE‑2025‑20702—arise from missing authentication checks and gaps in a proprietary control protocol. An attacker in radio range can pose as a trusted headset, hijack active calls, listen to private conversations, trigger new calls, steal call logs and contacts, or even overwrite device firmware for permanent remote access and malware delivery.

At least twenty‑nine models from ten leading brands, including Bose, Sony, JBL, Jabra, Marshall, Beyerdynamic, JLab, Teufel, EarisMax and MoerLabs, are confirmed vulnerable, putting millions of Indian users at risk. Airoha released a patched software development kit on 4 June 2025, but many products have not yet received consumer firmware updates.

CERT‑In urges users to check their manufacturer’s support pages regularly, install new firmware immediately when offered, disable Bluetooth in crowded or unfamiliar locations, and delete unused pairings to shrink the attack surface. Manufacturers should accelerate over‑the‑air patches and inform customers of the danger, and enterprise IT teams should audit fleet devices promptly.

Source: Moneycontrol
