Fast Pair, loose security: Bluetooth accessories open to silent hijack

Researchers uncovered "WhisperPair," a flaw in Google's Fast Pair implementation where many Bluetooth earbuds, headphones, and speakers accept pairing requests at any time instead of enforcing explicit user-initiated pairing mode. Attackers within Bluetooth range can hijack devices to inject or interrupt audio, manipulate volume, activate microphones, or register devices to receive location updates. Google and some manufacturers are releasing firmware fixes, but coverage is inconsistent and many inexpensive accessories may never be patched.