This new Bluetooth hack can hijack your audio devices
A security flaw called WhisperPair lets hackers quietly connect to Bluetooth audio devices that use Google's Fast Pair—no permission needed.
The issue? Fast Pair doesn't check if your earbuds or speakers are actually in pairing mode, so anyone nearby with the right tools can sneak in.
What is Fast Pair and why does it matter?
Fast Pair makes connecting your headphones or earbuds to Android and ChromeOS super easy—just one tap.
It's used by big brands like Sony, JBL, Xiaomi, OnePlus, and more, covering millions of devices worldwide.
How bad is WhisperPair?
Researchers tested 25 different devices (using a low-cost Raspberry Pi 4 from about 14 meters away) and were able to take over roughly 68% of them (about 17 devices).
Once connected, attackers could eavesdrop on calls, play random sounds through your headphones, mess with ongoing calls, or even track where your device is—if they grab control first.
The good news: there haven't been real-world attacks yet.
What's being done about it?
Google has already patched Pixel Buds, issued a patch to its Find Hub network, and updated its Validator certification tool and certification requirements.
Brands like Xiaomi, JBL, Logitech, and OnePlus have taken or planned steps as well. Xiaomi is working with suppliers to roll out over-the-air updates; JBL has received the security patches from Google, and the software will be updated via JBL apps over the next few weeks; Logitech integrated a firmware patch for upcoming production units; and OnePlus is investigating the issue and will take appropriate action.
If you use Fast Pair devices, keep an eye out for updates—they're important!