Security Flaw in Bluetooth Headphones Could Let Hackers Listen In
A newly disclosed security vulnerability in Google’s Fast Pair technology has put more than a dozen popular headphones and speakers at risk of hijacking, potentially allowing attackers to eavesdrop through built-in microphones, play their own audio or even track a user’s location.
The bug, dubbed ‘WhisperPair’ by researchers from Belgium’s KU Leuven University, affects at least 17 audio devices from 10 brands, including Sony, JBL, Jabra, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech and Google itself.
While Google says its own Pixel Buds have already been patched, many third-party accessories may still be exposed until manufacturers roll out firmware updates.
Fast Pair is designed to make connecting Bluetooth accessories to phones and computers almost instant. But the researchers found that some products don’t properly check whether they’re in pairing mode.
![]()
That flaw can let an attacker within Bluetooth range – up to around 10–14 metres – force a connection in as little as 10–15 seconds using only the device’s model number.
Once connected, an attacker could interrupt audio, inject their own sounds, switch on the microphone to listen to nearby conversations, or in some cases track the device’s location using Google’s Find Hub network.
Crucially, because the weakness is in the accessory itself, it doesn’t matter whether the owner uses Android, iPhone, Windows or Mac.
Google says it was notified of the issue in August and provided partners with recommended fixes in September.

The company also says it has not seen evidence of the attack being used outside laboratory testing and has updated its certification tools and Find Hub protections.
However, the researchers told overseas media they were able to find workarounds for at least one of Google’s patches shortly after it was released.
The bigger problem may be updates. Many people never install the companion apps required to update their headphones’ firmware, meaning vulnerable devices could remain unpatched indefinitely.
Security experts recommend installing any available firmware updates from your accessory’s manufacturer, keeping the official app installed and factory-resetting devices if you’re concerned.























































































