WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping

Researchers disclosed "WhisperPair" vulnerabilities in Google Fast Pair–enabled Bluetooth audio accessories from major vendors (Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, Google, etc.) that allow an attacker to trigger pairing without user interaction, take control of audio devices (including eavesdropping via microphones), and potentially claim owner account keys to track devices via Google's Find Hub network; fixes require firmware or accessory updates and Google assigned CVE‑2025‑36911.