WhisperPair Vulnerability Allows Attackers to Pair Devices Without User Consent
ID: c06c53cf-ba6a-51ac-893a-5e3b601835f1
STIX ID: report--c06c53cf-ba6a-51ac-893a-5e3b601835f1
Feed Name: GBHackers
Researchers disclosed "WhisperPair" (CVE-2025-36911), a critical Fast Pair implementation flaw that lets attackers forcibly pair with and take control of Bluetooth headphones, earbuds, and speakers without user consent. Exploitation allows eavesdropping, forced audio playback, and persistent location tracking via abused account keys. The issue affects multiple vendors and chipsets despite passing certification, and has a CVSS 9.8 rating. Some manufacturers have issued patches after responsible disclosure, but many devices remain unpatched; users are advised to disable Bluetooth when idle and verify updates with manufacturers.
