Researchers at Belgium’s KU Leuven University have revealed a disturbing Bluetooth vulnerability called ‘WhisperPair’ that affects hundreds of millions of wireless headphones, earbuds, and speakers using Google’s Fast Pair protocol. An attacker within 46 feet (14 meters) can take over a device in seconds to eavesdrop on conversations through its microphone, blast audio, or track its location using Google’s Find Hub network.
As per the researchers’ report, “The victim may see an unwanted tracking notification after several hours or days, but this notification will show their own device. This may lead users to dismiss the warning as a bug, enabling an attacker to keep tracking the victim for an extended period.”
How Does the Vulnerability Work?
With the Fast Pair feature, you can pair Bluetooth accessories with Android and ChromeOS devices in just one tap. When an unauthorized device pairs, the process is silent and completes over standard Bluetooth, giving the attacker full control of the accessory regardless of the victim’s phone OS, so even iPhone users are affected. To track a victim, attackers add the compromised accessory to Find Hub using their own Google account. The worst part is that victims get a notification only much later, and it shows their own device, so it can easily be dismissed as a regular bug.
Vulnerable Models & Devices
Around 17 models from 10 popular manufacturers are considered vulnerable. The brands include Sony, JBL, Xiaomi, Nothing, OnePlus, Jabra, Marshall, Soundcore, Logitech, and Google. Here’s a list of some of the most vulnerable models:
- Sony’s WH-1000XM6
- Google’s Pixel Buds Pro 2
- OnePlus’ Nord Buds 3 Pro
- Sony’s WH-1000XM4 & WH-1000XM5
- Sony’s WH-CH720N
- Sony’s WF-1000XM5
- Jabra’s Elite 8 Active
And many others.
Google’s Response & Fixes
Google took quite a few steps to fix this ridiculousness: it confirmed that the Pixel Buds are protected, rolled out Find Hub fixes, updated certifications via the Validator tool, and shared OEM recommendations. These steps have been taken since September 2025. A spokesperson from Google said, “We appreciate collaborating with security researchers through our Vulnerability Rewards Program, which helps keep our users safe,” and also added, “We worked with these researchers to fix these vulnerabilities, and we have not seen evidence of any exploitation outside of this report’s lab setting.”
Google also suggested that users check their headphones for the latest firmware update. According to Google, it has been constantly monitoring and improving Fast Pair and Find Hub security.
