Latest news with #BluetoothTWS

Business Standard

You might be spied on through your bluetooth audio devices, CERT-In warns

The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning for Bluetooth TWS earbuds, speakers, and headphone users. In a recent alert, CERT-In said that Bluetooth audio devices powered by Airoha systems-on-chip (SoCs) are exposed to the risk of getting hacked and being turned into spying devices. As per the CERT-In advisory, by exploiting this vulnerability, attackers can hijack calls, spy on conversations happening nearby bluetooth devices, steal call history and contacts, and might also be able to completely take over the affected device. For the unaware, Airoha is a major supplier of Bluetooth audio chipsets (SoCs), widely used in True Wireless Stereo (TWS) earbuds and other audio devices by leading brands including Sony and JBL. Vulnerable devices Researchers from German cybersecurity firm ERNW have identified three critical vulnerabilities in Airoha chipsets. Their findings reveal that 29 audio products across 10 brands, including Bose, Sony, JBL, Jabra, Marshall, Beyerdynamic, JLab, EarisMax, MoerLabs, and Teufel, are impacted. The affected devices range from wireless headphones and earbuds to microphones and speakers. As per the German cybersecurity firm, these devices were confirmed to be vulnerable: Beyerdynamic Amiron 300 Bose QuietComfort Earbuds EarisMax Bluetooth Auracast Sender Jabra Elite 8 Active JBL Endurance Race 2 JBL Live Buds 3 Jlab Epic Air Sport ANC Marshall ACTON III Marshall MAJOR V Marshall MINOR IV Marshall MOTIF II Marshall STANMORE III Marshall WOBURN III MoerLabs EchoBeatz Sony CH-720N Sony Link Buds S Sony ULT Wear Sony WF-1000XM3 Sony WF-1000XM4 Sony WF-1000XM5 Sony WF-C500 Sony WF-C510-GFP Sony WH-1000XM4 Sony WH-1000XM5 Sony WH-1000XM6 Sony WH-CH520 Sony WH-XB910N Sony WI-C100 Teufel Tatws2 What risk does the vulnerability pose and what's the solution As per CERT-In, multiple vulnerabilities have been reported in Airoha bluetooth firmware, which could allow an attacker within Bluetooth range to read or write device RAM/flash, invoke hands-free profile (HFP) commands on a paired phone, eavesdrop on microphone audio, steal call history and contacts, and potentially deploy wormable firmware. Airoha has supplied an SDK update containing firmware fixes to all device manufacturers on June 4, CERT-In said. Each company is expected to release product specific firmware updates in their due time. Consumers can keep checking for the updates and install it as soon as it gets released to safeguard themselves against this vulnerability. In related news, earlier in June, CERT-In issued a security advisory for Google Chrome users on Windows, macOS, Linux, and older Android versions. According to the alert, vulnerabilities in these platforms could be exploited by attackers to gain unauthorised access to sensitive data, escalate privileges, or trigger denial-of-service attacks. The warning applies to all smartphones running the affected Android versions, regardless of the manufacturer. Users can safeguard themselves by updating Google Chrome to the latest version immediately.