Home / Technology / WhisperPair Bug Exposes Bluetooth Headphone Users to Hacking
WhisperPair Bug Exposes Bluetooth Headphone Users to Hacking
15 Jan
Summary
- New WhisperPair bug allows hackers to spy via Fast Pair devices.
- Vulnerability affects over a dozen devices from 10 manufacturers.
- Attackers can track location and access microphone remotely.
Security researchers have uncovered a significant vulnerability named WhisperPair, which exploits Google's Fast Pair technology, potentially compromising the privacy of users worldwide. The flaw allows attackers to remotely hijack Fast Pair-enabled headphones, granting them access to sensitive functions such as location tracking and microphone access.
This vulnerability poses a broad risk, affecting more than a dozen devices from ten different manufacturers, including prominent brands like Sony, JBL, and OnePlus. Although Google has acknowledged the issue and informed its partners, fixing the flaw depends on individual companies releasing firmware updates. The exploit can be activated remotely within seconds, at distances of up to 14 meters, making it a stealthy threat.
While Google has issued an update for its own devices, researchers noted it may be easily circumvented. Many accessories lack automatic update capabilities, leaving users reliant on companion apps for patches, which could take weeks or months to become widely available. Users concerned about exploitation can factory reset their devices to force a re-pairing, but the most effective solution remains awaiting official firmware updates.
