WhisperPair Attack Leaves Millions of Audio Accessories Open to Hijacking - SecurityWeek
A critical vulnerability (CVE-2025-36911) in Google Fast Pair lets attackers forcibly connect to Bluetooth accessories like earbuds without consent, dubbed “WhisperPair.”
Attackers within 46 feet can control accessories to play audio or record conversations, and can track users by registering as device owners. Hundreds of millions of devices from brands like Sony, JBL, and Logitech are affected.
Google patched Pixel devices, but users must also update their accessory firmware for full protection.
