Critical WhisperPair flaw lets hackers track, eavesdrop via Bluetooth audio devices

Security researchers disclosed a critical vulnerability in the Fast Pair implementation (CVE-2025-36911, "WhisperPair") affecting many Bluetooth headphones, earbuds, and speakers from multiple vendors; attackers can force pairing within ~14 meters to hijack audio devices, eavesdrop via microphones, and enable tracking via Google Find network. Manufacturers have been notified and some firmware patches were released, but updates may not be available for all affected devices and disabling Fast Pair on phones does not mitigate the accessory-side flaw.