Your Bluetooth earbuds are at risk of being hijacked - here's how to prevent it ASAP

Researchers from KU Leuven disclosed "WhisperPair," vulnerabilities in the Fast Pair protocol used by many Bluetooth audio accessories that, when improperly implemented, allow unauthorized devices to complete pairing and gain control of headphones and earbuds. The flaws (CVE-2025-36911) can enable attackers to tamper with controls, record conversations via built-in microphones, and potentially register and track devices through Google's Find Hub network; tests showed attacks up to ~14 meters. Multiple vendors (including Google, Sony, Harman/JBL, and Anker) are listed as affected, many patches have been issued but some devices remain vulnerable, and the researchers advise installing firmware updates from manufacturers as the only reliable mitigation.