
Security firm SentinelOne has a deeper dive into CVE-2025-20701 here.
Heinze and Steinmetz said last year that the full chain of attacks gave attackers the ability to do other malicious things, including retrieving call history and contacts, and even calling arbitrary numbers. Many of these capabilities depend on the specific devices being paired, as the functionality built into them differs from platform to platform.
Devices affected by the Airoha vulnerabilities are by no means alone. In January, researchers disclosed WhisperPair, a series of vulnerabilities that allows an attacker to hijack Bluetooth devices connected through Google Fast Pair, a proprietary protocol belonging to the company. Besides eavesdropping, attackers can exploit the WhisperPair flaws to geolocate devices. The vulnerabilities affect more than a dozen devices from 10 manufacturers, including Sony, Nothing, JBL, OnePlus, and Google itself.
There are few, if any, reports of Bluetooth vulnerabilities like these being actively exploited in the wild. The complexity of such attacks is often high, and an attacker has to continuously stay within Bluetooth range of a target while carrying out the exploit. People who think they might be targeted by such attacks should turn off Bluetooth on devices whenever it's not needed, and remain aware of the risks when Bluetooth is enabled.







