Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking

KU Leuven’s Computer Security and Industrial Cryptography group disclosed “WhisperPair,” a set of vulnerabilities in Google’s Fast Pair protocol impacting 17 audio accessories from 10 vendors (including Sony, Jabra, JBL, Google, and others). The researchers demonstrate that an attacker within Bluetooth range (~50 feet) can silently pair to affected earbuds, headphones, or speakers to hijack audio streams, turn on microphones to eavesdrop, inject audio, or — for devices supporting Google’s Find Hub/location feature — perform high-resolution location stalking, potentially affecting hundreds of millions of devices.