Google's Fast Pair protocol was designed to make Bluetooth connections effortless. One tap and your headphones are connected. Researchers at Belgium's KU Leuven University just discovered that the same convenience works both ways. Hackers can silently hijack millions of wireless earbuds, headphones, and speakers in under 15 seconds from up to 50 feet away.
The security team found vulnerabilities in 17 audio devices from Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google itself. They're calling the exploit WhisperPair. Once an attacker pairs with your device, they own it completely. They can blast audio through your earbuds at max volume, hijack your phone calls, or activate the microphone to eavesdrop on everything around you. Google Pixel Buds Pro 2 and certain Sony models have an even worse problem. Attackers can track your location in real time using Google's Find Hub feature.
Researcher Sayon Duttagupta described the attack simply. You're walking down the street with your headphones on, listening to music. In less than 15 seconds, someone can hijack your device. That means turning on the microphone to listen to your ambient sound, injecting audio, tracking your location. His colleague Nikola Antonijević put it more bluntly. The attacker now owns this device and can basically do whatever he wants with it.
The attack exploits a fundamental flaw in how these devices implement Fast Pair. Google's specification says devices shouldn't accept new pairings while already connected, but the vulnerable products allow it anyway. All an attacker needs is a cheap Raspberry Pi, Bluetooth range, and a Model ID specific to your device model. Those IDs are trivial to obtain by buying the same model, intercepting pairing attempts, or querying a public Google API.
The tracking vulnerability targets iPhone users specifically. If your Pixel Buds or Sony headphones have never been linked to a Google account because you only use iOS, a hacker can claim ownership and add them to their Find Hub network. You might eventually get a notification that you're being tracked, but it would show your own device following you. Most people would dismiss it as a glitch. Meanwhile the attacker sees your location at all times.
The Patch Problem
Google published a security advisory and contacted vendors after researchers disclosed the findings in August. Many companies released patches. Most people will never install them. Updating wireless earbuds requires downloading manufacturer apps that most users don't know exist. Researcher Seppe Wyns explained the gap. If you don't have the app of Sony, then you'll never know that there's a software update for your Sony headphones. And then you'll still be vulnerable.
There's no way to disable Fast Pair. You can factory reset your device to kick out an attacker, but the vulnerability remains. Within hours of Google releasing a patch for the Find Hub tracking issue, the researchers found a bypass and were still able to track victims.
Google certified every single vulnerable device through its Validator App, which supposedly checks whether Fast Pair is properly implemented. The devices also went through additional testing at Google-selected labs before mass production. They all passed despite having dangerous flaws.
When WIRED contacted the affected companies, Xiaomi and JBL said they're rolling out updates. Jabra claimed it already patched in June, though researchers didn't disclose until August. Logitech says future models will be fixed. Sony, Marshall, and Nothing didn't respond. None of the six chipmakers involved responded either.
The researchers tested 25 Fast Pair devices from 16 vendors and found the majority vulnerable. They emphasize one simple fix would solve the core problem. Fast Pair should cryptographically enforce ownership and prevent rogue secondary pairings without authentication. But for now, millions of devices remain exposed.
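The state check the vulnerable products skip, together with the ownership enforcement the researchers recommend, can be modelled in a few lines. This is an added example, not code from the researchers, Google, or any vendor: the Accessory fields, the shared owner_key, and the HMAC proof are assumptions chosen for illustration and do not reflect Fast Pair's actual message format.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class Accessory:
    # Hypothetical accessory state; not Fast Pair's real data structures.
    owner_key: bytes                 # secret shared with the owner's phone (assumed)
    in_pairing_mode: bool = False    # user deliberately started pairing
    connected: bool = False          # a phone is actively connected


def owner_proof(owner_key: bytes, challenge: bytes) -> bytes:
    """Proof an already-trusted phone computes over the accessory's fresh challenge."""
    return hmac.new(owner_key, b"pair-request" + challenge, hashlib.sha256).digest()


def vulnerable_accept(dev: Accessory, challenge: bytes, proof=None) -> bool:
    """Behaviour the article describes: state and ownership are never checked."""
    return True


def hardened_accept(dev: Accessory, challenge: bytes, proof=None) -> bool:
    """Accept only user-initiated pairing while idle, or an authenticated owner."""
    if proof is not None:
        expected = owner_proof(dev.owner_key, challenge)
        # Constant-time comparison so the check does not leak matching bytes.
        if hmac.compare_digest(proof, expected):
            return True
    # Unauthenticated requests: never while connected, never outside pairing mode.
    return dev.in_pairing_mode and not dev.connected


def demo() -> dict:
    key, other = os.urandom(32), os.urandom(32)   # constructed sample keys
    challenge = os.urandom(16)                    # fresh per-request challenge
    in_use = Accessory(owner_key=key, connected=True)
    idle = Accessory(owner_key=key, in_pairing_mode=True)
    return {
        "vulnerable, stranger, in use": vulnerable_accept(in_use, challenge),
        "hardened, stranger, in use": hardened_accept(in_use, challenge),
        "hardened, wrong key": hardened_accept(in_use, challenge, owner_proof(other, challenge)),
        "hardened, owner, in use": hardened_accept(in_use, challenge, owner_proof(key, challenge)),
        "hardened, user-initiated": hardened_accept(idle, challenge),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'reject'}")
```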
The Bluetooth protocol itself has no vulnerabilities here. Only the one-tap convenience layer Google built on top of it does. Researcher Nikola Antonijević stated the lesson clearly. Yes, we want to make our life easier and make our devices function more seamlessly. Convenience doesn't immediately mean less secure. But in pursuit of convenience, we should not neglect security.
Google optimized for frictionless pairing. They got frictionless hijacking instead. The researchers published a searchable list of affected devices. Check if yours is vulnerable. Download the manufacturer app if it exists. Install the update if available. Your headphones are already listening. Make sure you're the only one hearing.
FAQ
Can attackers hijack my headphones if they're already paired to my phone?
Yes. That's the core vulnerability. Fast Pair devices should reject new pairings while connected, but the 17 vulnerable models allow silent secondary pairing even during active use.
How do I know if my wireless earbuds are vulnerable to WhisperPair?
Check the searchable device list the KU Leuven researchers published. If your model from Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, or Google is listed, you're vulnerable unless you've manually updated firmware.
Can iPhone users be tracked through the Find Hub vulnerability?
Yes, specifically iPhone users. If your Google Pixel Buds Pro 2 or certain Sony models have never been linked to a Google account, an attacker can claim ownership and track you through Find Hub without ever touching your phone.
Is there a way to disable Fast Pair on my devices?
No. Fast Pair cannot be disabled on any affected device. Factory resetting removes an attacker's access temporarily but leaves the vulnerability in place. The only real fix is a firmware update from the manufacturer.
Did Google's security certification catch these vulnerabilities?
No. All vulnerable devices passed Google's Validator App and additional lab testing before mass production. The certification process approved dangerous implementations as compliant with Fast Pair standards.
