Based on reporting by Cybersecurity News.
Security researchers have disclosed a new attack dubbed WhisperPair, which exploits a critical flaw in Google’s Fast Pair protocol. The vulnerability allows attackers to silently hijack Bluetooth accessories such as headphones and earbuds without user interaction.
Fast Pair is designed to simplify Bluetooth pairing on Android devices. However, researchers discovered that many accessories fail to properly verify pairing requests, allowing attackers within Bluetooth range to force unauthorized connections in seconds.
What Attackers Can Do
Once a device is compromised using the WhisperPair technique, attackers may:
- Eavesdrop on audio through connected headphones
- Inject sounds or control playback
- Track users by linking devices to rogue accounts
- Abuse trusted Bluetooth relationships without alerts
The attack does not require physical access and can be executed in public places such as cafés, airports, or offices.
Affected Devices
Millions of Bluetooth accessories supporting Fast Pair may be affected, including products from popular manufacturers such as Sony, JBL, Anker, Xiaomi, OnePlus, Jabra, and others.
How to Stay Safe
Security experts recommend installing firmware updates from device manufacturers as soon as they become available. Users should also disable Bluetooth when not in use and avoid using unpatched accessories in crowded public environments.
Original source: Cybersecurity News – WhisperPair Attack