Critical flaw lets hackers track, eavesdrop via Bluetooth audio devices

Security researchers disclosed WhisperPair (CVE-2025-36911), a critical flaw in many vendors' implementations of Google's Fast Pair for Bluetooth audio accessories that allows attackers within ~14 meters to forcibly pair with devices, control audio, eavesdrop via microphones, and potentially track victims via Google Find Hub; vendors have been notified and are releasing firmware patches, but many devices may remain unpatched.