Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Security firm Sentinel One has a deep dive into CVE-2025-20701 Here.
Heinze and Steinmetz said last year that both attacks gave attackers the power to do other malicious things, including retrieving call history and contacts, and making unauthorized calls. Most of these features depend on the hardware included, as functionality varies from platform to platform.
The devices affected by Airoha’s problems are not the only ones. In January, researchers revealed WhisperPairseveral vulnerabilities that allow an attacker to spoof connected Bluetooth devices Google Fast paircompany owner protocol. In addition to eavesdropping, attackers can exploit WhisperPair’s flaws to create geolocate devices. The crash affects more than a dozen devices from 10 manufacturers, including Sony, None, JBL, OnePlus, and Google itself.
There are few, if any, reports of Bluetooth vulnerabilities like this being used in the wild. The complexity of such attacks is usually quite high, and the attacker needs to be within Bluetooth range of the target while using it. People who think they may be targeted by such threats should turn off Bluetooth on devices whenever they are not needed, and remain aware of the risks when Bluetooth is turned on.
