Google Fast Pair WhisperPair Vulnerability: 17 Devices Risk High-Speed Hijacking
Researchers discover WhisperPair, a vulnerability in Google Fast Pair affecting 17 devices from brands like Sony and JBL, allowing 15-second audio hijacking and tracking.
In less than 15 seconds, a stranger could be listening through your earbuds. Researchers at KU Leuven University have uncovered a collection of vulnerabilities dubbed 'WhisperPair' in Google's Fast Pair protocol, potentially exposing hundreds of millions of users to stalking and eavesdropping.
How WhisperPair Hijacks Your Audio
The vulnerability affects 17 devices from 10 major brands, including Sony, JBL, Logitech, and Google itself. By exploiting flaws in the Bluetooth pairing process, attackers within a 50-foot range can silently connect to a device even if it's already paired with a smartphone. This allows hackers to inject audio, take over phone conversations, or turn on the microphone to monitor the victim’s surroundings.
The Challenge of Patching Peripheral Hardware
According to WIRED, Google has released security updates and notified vendors. However, many users don't use the required manufacturer apps to update their headphone firmware. Furthermore, researchers told WIRED they have already found a bypass for Google's latest patch, suggesting the problem may persist for months.
This content is AI-generated based on source articles. While we strive for accuracy, errors may occur. We recommend verifying with the original source.
Related Articles
Mandiant has released an NTLMv1 rainbow table database, allowing passwords to be cracked in under 12 hours with $600 hardware. A wake-up call for legacy security.
Nicholas Moore pleaded guilty to hacking the U.S. Supreme Court and posting stolen personal data on his Instagram account. Read about the 2026 cybercrime case details.
Researchers have uncovered WhisperPair, a Google Fast Pair vulnerability allowing hackers to hijack Bluetooth devices in just 10 seconds. Affects major brands like Sony and JBL.
Betterment confirmed a data breach on January 9, 2026, involving customer names and addresses. Hackers used a social engineering attack to send crypto scams.
Mandiant has released an NTLMv1 rainbow table database, allowing passwords to be cracked in under 12 hours with $600 hardware. A wake-up call for legacy security.
Nicholas Moore pleaded guilty to hacking the U.S. Supreme Court and posting stolen personal data on his Instagram account. Read about the 2026 cybercrime case details.
Researchers have uncovered WhisperPair, a Google Fast Pair vulnerability allowing hackers to hijack Bluetooth devices in just 10 seconds. Affects major brands like Sony and JBL.
Betterment confirmed a data breach on January 9, 2026, involving customer names and addresses. Hackers used a social engineering attack to send crypto scams.