WPair Scanner Released to Detect WhisperPair Flaw in Google’s Fast Pair Protocol

This report documents CVE-2025-36911 (WhisperPair), a critical authentication-bypass in Google Fast Pair that enables unauthorized pairing, persistent Account Key installation, microphone eavesdropping and location tracking on millions of Bluetooth audio devices; it describes the WPair Android toolkit that can scan for, test, and demonstrate exploitation of vulnerable devices and calls for urgent vendor firmware updates and user patching.