
Indian Government Raises Security Risk Alert for Bluetooth Headphones

The Airoha chipsets that power products from major audio manufacturers such as Bose, Marshall, and JBL have serious flaws that could allow any hacker within Bluetooth range to access the device, listen in on private conversations and even steal data like call history and contact logs.

With increased technology usage comes increased privacy and security risk, and Bluetooth devices appear to be the latest targets for attackers. The Indian Computer Emergency Response Team (CERT-In) has issued an alert regarding major security risks for devices powered by Airoha Systems-on-Chip (SoCs).

The Airoha chipsets, which are currently used in 29 wireless audio devices from 10 major brands including Bose, Marshall, Sony, JBL, Beyerdynamic, JLab, EarisMax, MoerLabs, Teufel, and Jabra, reportedly have serious flaws that could allow any hacker within Bluetooth range of about 10 meters to access the device, listen in on private conversations and even steal data like call history and contact logs. Further, the firmware of hacked devices can be rewritten, allowing for remote access and the introduction of malware that could then spread to other devices.

The CERT-In bulletin reads, “Multiple vulnerabilities have been reported in Airoha Bluetooth firmware, which could allow an attacker within Bluetooth range to read or write device RAM/flash, invoke Hands-Free Profile (HFP) commands on a paired phone, eavesdrop on microphone audio, steal call history and contacts, and potentially deploy wormable firmware.”

The security risks were presented at this year’s TROOPERS Conference and documented by researchers at the German cybersecurity firm ERNW. Both the Bluetooth Low Energy (BLE) and Bluetooth BR/EDR (Classic) protocols are vulnerable to these risks, which are likely to affect all wireless products, including headphones, earbuds, speakers, and microphones.

The flaws have been identified as CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702, and are caused by a lack of Bluetooth protocol authentication and weak proprietary control mechanisms. However, attackers can only exploit these vulnerabilities when in close proximity to the device, and they need a high level of expertise to cause any real harm.

The risk is still high. Airoha released an SDK update containing firmware fixes on June 4th, but users still have to wait for their respective device manufacturers to offer these updates in their next scheduled cycle.

For now, CERT-In recommends being mindful of Bluetooth exposure in high-risk and crowded environments, and installing firmware updates as soon as manufacturers release them.

The article has been authored by Rishima Mosali, an intern at Deccan Chronicle.
(Source: Deccan Chronicle)