Critical Security Alert: Google Fast Pair Vulnerability Detected in Sony, Anker, and Other Headphones

A recent discovery by researchers from KU Leuven University in Belgium has unveiled a critical security vulnerability present in several Bluetooth audio devices from major companies like Sony, Anker, and Nothing. The flaw allows potential attackers to eavesdrop on conversations or track devices connected to Google’s Fast Pair network, as reported by Wired.

The vulnerability, named WhisperPair, stems from weaknesses in Google’s Fast Pair protocol. It enables hackers within Bluetooth range to covertly pair with headphones, earbuds, and speakers, even affecting iPhone users with vulnerable devices. This security breach raises concerns about the privacy and safety of Bluetooth-connected devices.

Fast Pair, a feature designed to simplify Bluetooth pairing, has been found to be improperly implemented in many devices. This includes a violation of a Google specification that prohibits Fast Pair devices from connecting to a new device while already paired with another. Such lapses in security pose a significant threat to user data and device integrity.

The researchers conducted tests on over two dozen Bluetooth devices, successfully hacking into 17 of them. They were able to manipulate compromised headphones and speakers to play unauthorized audio, intercept phone calls, and even monitor conversations using the devices’ microphones. These findings highlight the urgent need for enhanced security measures in Bluetooth technology.

Of particular concern are five Sony products and Google’s Pixel Buds Pro 2, which were found to be vulnerable to WhisperPair attacks. If not previously connected to an Android device, these devices could be paired with a hacker’s Google account, enabling unauthorized tracking via Google’s Find Hub network. This poses a serious risk to user privacy and security.

Following the researchers’ report to Google in August 2025, the company issued recommendations to its partners to address the vulnerabilities. Subsequent software updates and certification requirements were implemented to mitigate similar security risks. However, ongoing efforts are needed to ensure the protection of Bluetooth devices from potential exploits.

While fixes have been introduced to address the Fast Pair vulnerabilities, concerns remain about the effectiveness of these solutions. Additional updates to the Find Hub network were made to prevent WhisperPair attacks, but researchers were able to bypass these measures. This underscores the need for continuous vigilance and proactive security measures in the face of evolving threats.

To protect against WhisperPair attacks, users are advised to install firmware updates released by manufacturers to patch the vulnerabilities. The response from manufacturers and companies implicated in the security breach will be crucial in safeguarding user data and privacy. Stay tuned for updates on this developing story.