If you are an active user of Bluetooth-based earbuds and speakers, then this warning is for you. The Indian cybersecurity agency CERT-In has issued a high-severity alert (CIVN-2025-0140) warning users about multiple vulnerabilities in Airoha Bluetooth chips. What’s the issue with them? These flaws could allow hackers to access Bluetooth audio devices, spy on conversations, hijack calls, or even control the device remotely. The risks are particularly high for users of Bluetooth headphones, speakers, and car infotainment systems powered by Airoha Systems-on-Chip (SoCs).
So whether you are using Bluetooth earbuds or speakers from big brands such as Sony, Bose, Sennheiser, Boat, or others, the risk is there.
What’s the Issue?
CERT-In says the vulnerabilities exist in the Bluetooth firmware of Airoha SoCs. Attackers within Bluetooth range can exploit these gaps to read or write device memory, listen through the device’s microphone, steal call history or contacts, or inject malicious commands. The flaws stem from a lack of proper authentication in the GATT service (used for Bluetooth communication) and the Bluetooth BR/EDR protocol, along with an issue in a custom protocol used by Airoha.
In simple terms, a nearby hacker could connect to a vulnerable Bluetooth device and take control without the user knowing.
What can happen? The potential damage includes eavesdropping on private conversations via your Bluetooth headset or speaker, call hijacking by triggering commands on your connected phone, and data theft such as stealing your contacts or call history. There is also the risk of firmware takeover, where a hacker could install malware that spreads to other devices, much like a worm. Because Airoha chips are widely used in Bluetooth audio gear from many brands, this issue affects a large number of users.
What Should You Do?
Airoha has already released a software development kit (SDK) update with security patches to device manufacturers on June 4, 2025. You are advised to:
- Check for firmware updates for your Bluetooth devices.
- Install updates as soon as your device maker rolls them out.
- Avoid pairing devices in public places until updated.