A security vulnerability in Google's Fast Pair technology exposes millions of wireless headphones to audio hijacking and location tracking, researchers revealed this week.
Belgian security researchers at KU Leuven University discovered the flaw, dubbed "WhisperPair," which affects at least 17 audio devices from 10 major brands. The vulnerability impacts products from Sony, JBL, Jabra, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google's own Pixel Buds.
Attackers within 14 meters (46 feet) can force connections to vulnerable devices in 10-15 seconds using only the device's model number. The exploit works because some manufacturers fail to properly check whether headphones are in pairing mode before accepting connections.
Once connected, attackers can play audio through headphones, record conversations via built-in microphones, or add devices to Google's Find Hub network for location tracking. The vulnerability affects hundreds of millions of devices globally.
Google received notification of the issue in August and provided partners with recommended fixes in September. The company says its Pixel Buds have already been patched, and it has updated certification tools and Find Hub protections.
Many affected brands are working on firmware updates, though researchers reportedly found workarounds for at least one Google patch shortly after its release. Some manufacturers including Marshall, Nothing, and Sony have not yet commented on the vulnerability. The bigger challenge remains user adoption - many people never install companion apps required for headphone firmware updates.
Devices that have never used Fast Pair face the highest risk, according to researchers. The vulnerability exists in the accessories themselves, making it irrelevant whether owners use Android, iOS, Windows, or Mac devices.
Security experts recommend installing available firmware updates through manufacturers' official apps and factory-resetting devices if concerned about potential compromise. Users can check specific device vulnerability status at the WhisperPair website.
Google states it has not seen evidence of real-world exploitation beyond laboratory testing. The company continues working with manufacturers to address the security gap in Fast Pair, Google's answer to Apple's seamless AirPods pairing experience for Android devices. This comes as OpenAI plans AI earbuds with a 2nm chip to challenge AirPods in the competitive wireless audio market.
