Wireless earbuds and headphones have become an everyday necessity, letting us shut out the world by connecting to our phones instantly. However, a newly discovered flaw called WhisperPair turns these convenient devices into potential tools for attackers, who take advantage of Google’s Fast Pair system.
How does this hack work?
The attacker takes advantage of a flaw in which many earbuds and headphones fail to perform an important security check during the Fast Pair process. This makes connections possible in a few seconds from a distance of 14 meters (about 46 feet), using a device such as a laptop, phone, or Raspberry Pi. Once your device has been accessed, with or without your knowledge, the attacker can do the following:
- Play loud audio to disturb you
- Turn on the microphone to listen
- Track your location by using Google’s Find My Device (or Find Hub) Network, especially if the accessory has not been paired with an Android device first.
This attack does not require any interaction from the user, and it works silently.
The problem affects many manufacturers and crores of devices that support Google’s Fast Pair. Vulnerable products include models from the following companies:
- Sony (for example, WH-1000XM Series headphones and WF earbuds)
- JBL
- Anker Soundcore
- Jabra
- Logitech
- Nothing (e.g., Ear (a))
- OnePlus (for example, Nord Buds)
- Marshall
- Xiaomi
- Even Google’s Pixel Buds Pro 2
This flaw is not in the operating system of your phone but in the firmware of the accessories, so iPhone users with these devices are also at risk.
Safety Remedies:
Researchers from the COSIC and DistriNet groups at KU Leuven reported the vulnerability (tracked as CVE-2025-36911) to Google in August 2025. Google placed it in a serious category, declared a reward of $15,000, and gave vendors 150 days to fix it. Many manufacturers have issued firmware updates through their apps or websites.
- Check for the latest firmware updates immediately through your brand’s app (e.g., Sony Headphones Connect, Soundcore App, etc.) and install them.
- Visit the official website (whisperpair.eu) to see the list of vulnerable devices.
- Turn off Bluetooth in crowded or suspicious areas (such as public events).
- If you have any problem with pairing, restart your earbuds.
- Beware of unexpected “tracker alerts” — these can be false signals or related disturbances.
- The only reliable solution is the patch issued by the manufacturer, because Fast Pair cannot be completely disabled.
How did this mistake happen?
Even Google-certified devices ignored basic security measures while implementing Fast Pair, which exposed flaws in the certification and review process. This incident underlines the fact that in the race for seamless, fast connectivity, security is sometimes compromised. Patches are being released, but this serves as a reminder to keep devices updated regularly and to stay cautious to protect yourself from hackers.
For the latest information, check sources such as WhisperPair’s official research page or reliable security sources. Stay safe!





