Update your Bluetooth headphones now: Google Fast Pair “WhisperPair” bug risks eavesdropping and tracking
Researchers from Belgium’s KU Leuven have revealed a series of attacks dubbed “WhisperPair” targeting vulnerabilities in certain Bluetooth audio devices using Google’s Fast Pair feature. The flaws let attackers nearby connect without permission, hijack audio streams, and sometimes even convert the devices into location-tracking tools. Researchers revealed to WIRED that they uncovered security flaws in 17 Fast Pair audio devices across 10 brands, such as Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google. KU Leuven’s Sayon Duttagupta claimed, “In less than 15 seconds, we can hijack your device.”