WhisperPair: Critical Fast Pair Flaw Exposes Headphones to Hijacking

Researchers disclosed a critical flaw in Google Fast Pair (WhisperPair, CVE-2025-36911) that lets attackers force a silent pairing with vulnerable Bluetooth audio accessories using commodity hardware, enabling audio control, microphone eavesdropping, and possible stalking by adding devices to tracking networks; Google assigned a critical rating and worked with partners, but fixes require firmware updates from individual manufacturers.