WhisperPair Attack Allows Hijacking of Laptops, Earbuds Without User Consent – Millions Affected

A critical Fast Pair implementation flaw (CVE-2025-36911, “WhisperPair”) lets attackers initiate pairing with Bluetooth audio accessories without user consent, allowing remote control, eavesdropping, and location tracking via Google’s Find Hub; the bug affects hundreds of millions of devices from major vendors and the only effective mitigation is firmware updates from manufacturers, which are being rolled out but are not yet universal.