Several Bluetooth audio devices from companies like Sony, Anker, and Nothing are susceptible to a new flaw that can allow attackers to listen in on conversations or track devices that use Googleâs Find Hub network, as reported by Wired.
Researchers from KU Leuven Universityâs Computer Security and Industrial Cryptography group in Belgium discovered several vulnerabilities in Googleâs Fast Pair protocol that can allow a hacker within Bluetooth range to secretly pair with some headphones, earbuds, and speakers. The attacks, which the researchers have collectively dubbed WhisperPair, can even be used on iPhone users with affected Bluetooth devices despite Fast Pair being a Google-specific feature.
Fast Pair streamlines Bluetooth pairing and lets wireless audio accessories connect to Android or Chrome OS devices by simply tapping them together. But the researchers found that many devices donât implement Fast Pair correctly, including a Google specification that says Fast Pair devices shouldnât be able to connect to a new device while already paired to another.
The researchers tested their WhisperPair attacks on over two dozen Bluetooth devices and were successful in hacking 17 of them. They were able to play their own audio through the compromised headphones and speakers at any volume, intercept phone calls, and even eavesdrop on conversations using the devicesâ microphones.
A more serious issue was found to affect five Sony products and Googleâs Pixel Buds Pro 2. If the devices werenât previously connected to an Android device and linked to a Google account (which isnât required when using them with iPhones), WhisperPair could be used to pair and link them to a hackerâs Google account that would be recognized as the deviceâs owner. That would allow a hacker to use Googleâs Find Hub network to track the userâs location and movements through their headphones, assuming smartphone notifications warning that a device was tracking them were dismissed as errors.
The researchers reported their findings to Google in August 2025. The company then recommended fixes to its âaccessory OEM partnersâ in September and updated its certification requirements to mitigate similar issues going forward. âWe worked with these researchers to fix these vulnerabilities, and we have not seen evidence of any exploitation outside of this reportâs lab setting,â Google spokesperson Ed Fernandez says in a written statement to The Verge.
The recommended fixes resolve all the Fast Pair issues once a software update has been installed, but Google implemented an additional Find Hub network update to prevent WhisperPair from being used to track certain Bluetooth devices that havenât been patched. The researchers told Wired it only took them a few hours to bypass that patch and continue their tracking. According to Fernandez, the researchers used âold/not updated accessory OEM firmware in order to execute their workaround,â and Google is âlooking into the bypass for this additional fix,â which was only submitted earlier this week.
The Fast Pair feature canât be disabled, so the only way to protect against WhisperPair attacks is for users to install firmware updates released by manufacturers that resolve the vulnerabilities. The Verge reached out to all the manufacturers with affected hardware to confirm the progress of fixes. Spenser Blank, the head of marketing & communications for OnePlus North America, told The Verge in a written statement that the company âtakes all security reports seriouslyâ and that itâs âcurrently investigating this matter and will take appropriate action to protect our usersâ security and privacy.â
We will update this story as other companies respond.
Read the full article here
