Hackers Exploit Google Fast Pair to Track Vulnerable Devices
Recent findings from researchers at KU Leuven University in Belgium have raised significant security concerns regarding Google’s Fast Pair protocol. This widely used Bluetooth feature simplifies the connection process for wireless devices, such as earbuds and speakers. However, the discovery of serious vulnerabilities, dubbed “WhisperPair,” has prompted calls for users to update their devices.
Understanding WhisperPair Vulnerabilities
WhisperPair allows attackers to exploit weaknesses in Fast Pair devices, making them susceptible to unauthorized access. These vulnerabilities were first reported to Google in August 2025, leading to a critical classification and a 150-day disclosure period to protect users.
Mechanism of the Attack
The WhisperPair vulnerabilities enable hackers to pair with devices remotely, using any Bluetooth-enabled gadget, such as laptops or Raspberry Pi systems. The issue arises when a device does not properly verify if it is in pairing mode. If this check is bypassed in the device’s software, hackers can initiate the pairing process without physical access to the product.
Potential Threats from WhisperPair
Once a hacker successfully pairs with a vulnerable device, various malicious activities can occur:
- Location tracking via the Find Hub feature.
- Disruption of audio playback.
- Unauthorized phone call and ambient recording.
These risks are not confined to Android devices, as the threat extends to iOS as well, affecting any Fast Pair-enabled accessory rather than specific phones.
Affected Devices
Several popular audio devices are currently listed as vulnerable under WhisperPair. These include:
