Link: Sony, Anker, and other headphones have a serious Google Fast Pair security vulnerability
Researchers at KU Leuven University have discovered vulnerabilities in Google's Fast Pair protocol, exposing Bluetooth devices like headphones to potential hacking. Attackers within Bluetooth range can secretly pair with affected devices from brands such as Sony, Anker, and Nothing.
The vulnerabilities, named WhisperPair, could allow hackers to manipulate audio, intercept calls, and eavesdrop through the devices’ microphones. Over two dozen Bluetooth devices were tested, with 17 successful hacks reported.
In some cases, WhisperPair enabled hackers to link Sony products and Google's Pixel Buds Pro 2 to a bogus Google account, facilitating unauthorized location tracking via Google’s Find Hub network. Devices that had not been linked to an original user's Android device and Google account were vulnerable to this exploit.
Google has issued updates and new certification requirements to mitigate these issues after being alerted by the researchers in August 2025. Although Google maintains there has been no real-world exploitation, the researchers were able to bypass the initial fixes in mere hours.
User protection hinges on installing updated firmware from the device manufacturers, as the Fast Pair feature cannot be disabled. Google and device manufacturers are cooperating to address these security vulnerabilities comprehensively.
Following this security incident, Google and manufacturers have reaffirmed their commitment to users' privacy and security, with ongoing investigations and updates planned to fortify affected devices. Users are advised to apply firmware updates promptly.
--
Yoooo, this is a quick note on a link that made me go, WTF? Find all past links here.