Indian govt warns of Bluetooth flaws in TWS earbuds, speakers and headphones: Why it could be dangerous and tips for safety

Bluetooth

India’s cybersecurity watchdog CERT-In has issued a high-risk alert over critical Bluetooth vulnerabilities affecting a wide range of audio devices powered by Airoha Systems-on-Chip (SoCs). According to the advisory, the flaws could allow attackers to hijack calls, spy on conversations, steal call history and contacts, and in some cases, completely take over the affected device.

Security researchers at German cybersecurity firm ERNW disclosed three serious vulnerabilities in Airoha chipsets, confirming that 29 audio devices from 10 brands — including Bose, Sony, JBL, Jabra, Marshall, Beyerdynamic, JLab, EarisMax, MoerLabs, and Teufel — are affected. These include wireless headphones, earbuds, microphones, and speakers.

The flaws, identified as CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702, stem from missing authentication in Bluetooth protocols and weaknesses in a proprietary control mechanism.

Why it’s dangerous

As already mentioned, successful exploitation allows an attacker to impersonate a Bluetooth audio device, hijack ongoing calls, and issue commands to a paired phone using the Hands-Free Profile (HFP). In real-world testing, researchers were able to trigger phone calls, spy on nearby conversations, and extract private data like call logs and contacts.

More concerning is the potential for attackers to rewrite the firmware of vulnerable devices, enabling persistent remote access or deploying malware that could spread to other nearby devices.

Airoha released an SDK update with fixes on June 4, but several affected devices had last received updates before that date. CERT-In recommends that users install firmware updates as released by device manufacturers and limit Bluetooth exposure in high-risk environments.