WhisperPair Bluetooth security flaw in Google Fast Pair technology

Researchers have uncovered a serious vulnerability in Google Fast Pair technology that could affect owners of various devices, from Android smartphones to iPhones and Mac computers. Dubbed WhisperPair, this security hole allows an attacker to connect to your Bluetooth accessories and take full control of their functions. Malicious actors could play audio, record sound through the microphone, or track your location if the accessory supports Google Find Hub.

The vulnerability lies not in the phone or laptop but in the accessory itself. When a device attempts to connect to headphones or earbuds via Fast Pair, the accessory is supposed to ignore the request if it isn't in pairing mode. However, many popular models fail to follow this rule, enabling a hacker within Bluetooth range to connect to the accessory without your knowledge.
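The accessory-side rule described above, sketched in C as an added example; it is not code from the article, the Fast Pair specification or any vendor firmware. The type and function names, the 60-second pairing window and the one-pairing-per-user-action policy are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical accessory model: names, the 60 s window and the clock source
   are assumptions for illustration, not taken from any real firmware. */
#define PAIRING_WINDOW_S 60u

typedef struct {
    bool     window_open;      /* set only by a physical user action */
    uint32_t window_opened_at; /* seconds, from a monotonic clock */
    uint32_t dropped;          /* requests ignored outside pairing mode */
} accessory_t;

typedef enum { REQ_IGNORED = 0, REQ_PROCEED = 1 } verdict_t;

/* Called from the button/case handler, never from the radio path. */
void enter_pairing_mode(accessory_t *a, uint32_t now) {
    a->window_open = true;
    a->window_opened_at = now;
}

static bool in_pairing_mode(accessory_t *a, uint32_t now) {
    /* Unsigned subtraction stays correct across clock wrap-around. */
    if (a->window_open && (now - a->window_opened_at) >= PAIRING_WINDOW_S)
        a->window_open = false;   /* window expired: close it */
    return a->window_open;
}

/* Flawed behaviour described in the article: pairing state is never consulted. */
verdict_t on_pair_request_flawed(accessory_t *a, uint32_t now) {
    (void)a; (void)now;
    return REQ_PROCEED;
}

/* Hardened: a pairing request proceeds only inside the user-opened window. */
verdict_t on_pair_request_hardened(accessory_t *a, uint32_t now) {
    if (!in_pairing_mode(a, now)) {
        a->dropped++;             /* count ignored requests for telemetry */
        return REQ_IGNORED;
    }
    a->window_open = false;       /* one pairing per user action (sketch policy) */
    return REQ_PROCEED;
}
```

The dropped counter gives firmware a cheap signal to surface: a run of ignored requests while the user never opened pairing mode is worth logging.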

Tested vulnerable devices include Google Pixel Buds (a patch has already been released) and Sony WH-1000XM models. Users of Apple accessories like AirPods or AirTags remain protected for now, as these don't use Fast Pair. Fixing the issue requires a firmware update for each specific device, which depends on the manufacturer. For many accessories, patches may arrive late or not at all.

WhisperPair highlights the dangers of overlooking Bluetooth device security. Even something as simple as connecting headphones can pose risks of surveillance or audio recording. Users are advised to check for firmware updates on their gadgets and limit connections to unknown accessories.