Security researchers have discovered vulnerabilities affecting a Bluetooth chipset used in almost 30 audio devices from 10 brands, affecting speakers, headphones, TWS buds and even microphones. Three specific ones were identified, and while they are pretty critical, making use of them is said to be difficult.
BleepingComputer reports that researchers at cybersecurity company ERNW disclosed the vulnerabilities that are affecting the Airoha system on a chip (SoC). This chip is noted to be widely used in TWS buds, affecting devices by Bose, Sony, Marshall, Jabra, JBL and more.
On one hand, the vulnerabilities lets hackers hijack the connection between the affected device and the phone it is connected to. This then allows for things like pulling data like contacts and call history, or even eavesdrop on sounds in the vicinity and issuing commands to the phone.
But on the other, said hacker needs to be within Bluetooth range to make use of it. Even then, actively exploiting said vulnerabilities is said to require “a high technical skillset”. And for what it’s worth, the report also notes that Airoha has released an updated SDK with necessary mitigations, and the affected brands have started making and distributing patches for the vulnerabilities.
(Source: Bleeping Computer)
