{“lastseen”:”2026-01-16T14:05:09″,”description”:”WhisperPair is a set of attacks that lets an attacker hijack many popular Bluetooth audio accessories that use Google Fast Pair and, in some cases, even track their location via Google\u2019s Find Hub network\u2014all without requiring any user interaction.\\n\\nResearchers at the Belgian University of Leuven revealed a collection of vulnerabilities they found in audio accessories that use Google\u2019s Fast Pair protocol. The affected accessories are sold by 10 different companies: Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google itself.\\n\\nGoogle Fast Pair is a feature that makes pairing Bluetooth earbuds, headphones and similar accessories with Android devices quick and seamless, and syncs them across a user\u2019s Google account.\\n\\nThe Google Fast Pair Service (GFPS) utilizes Bluetooth Low Energy (BLE) to discover nearby Bluetooth devices. Many big-name audio brands use Fast Pair in their flagship products, so the potential attack surface consists of hundreds of millions of devices.\\n\\nThe weakness lies in the fact that Fast Pair skips checking whether a device is in pairing mode. As a result, a device controlled by an attacker, such as a laptop, can trigger Fast Pair even when the earbuds are sitting in a user\u2019s ear or pocket, then quickly complete a normal Bluetooth pairing and take full control.\\n\\nWhat that control enables depends on the capabilities of the hijacked device. This can range from playing disturbing noises to recording audio via built-in microphones.\\n\\nIt gets worse if the attacker is the first to pair the accessory with an Android device. In that case, the attacker’s Owner Account Key-designating their Google account as the legitimate owner\u2019s\u2014to the accessory. If the Fast Pair accessory also supports Google\u2019s Find Hub network, which many people use to locate lost items, the attacker may then be able to track the accessory’s location.\\n\\nGoogle classified this vulnerability, tracked under CVE\u20112025\u201136911, as critical. However, the only real fix is a firmware or software update from the accessory manufacturer, so users need to check with their specific brand and install accessory updates, as updating the phone alone does not fix the issue.\\n\\n## How to stay safe\\n\\nTo find out whether your device is vulnerable, the researchers published a list and recommend keeping all accessories updated. The research team tested 25 commercial devices from 16 manufacturers using 17 different Bluetooth chipsets. They were able to take over the connection and eavesdrop on the microphone on 68% of the tested devices.\u200b \\n\\nThese are the devices the researchers found to be vulnerable, but it\u2019s possible that others are affected as well:\\n\\n * Anker soundcore Liberty 4 NC\\n * Google Pixel Buds Pro 2\u200b\\n * JBL TUNE BEAM\u200b\\n * Jabra Elite 8 Active\u200b\\n * Marshall MOTIF II A.N.C.\u200b\\n * Nothing Ear (a)\u200b\\n * OnePlus Nord Buds 3 Pro\u200b\\n * Sony WF-1000XM5\u200b\\n * Sony WH-1000XM4\u200b\\n * Sony WH-1000XM5\u200b\\n * Sony WH-1000XM6\u200b\\n * Sony WH-CH720N\u200b\\n * Xiaomi Redmi Buds 5 Pro\u200b\\n\\n\\n\\n* * *\\n\\n**We don\u2019t just report on phone security\u2014we provide it**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.”,”published”:”2026-01-16T13:08:45″,”modified”:”2026-01-16T13:08:45″,”type”:”malwarebytes”,”title”:”WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping”,”source”:””,”references”:””,”id”:”MALWAREBYTES:AD0AB4F60BDD7A7C6E93EC7CA8C2BBB9″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-36911″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:7.1,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2026\/01\/whisperpair-exposes-bluetooth-earbuds-and-headphones-to-tracking-and-eavesdropping”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-01-16T14:05:09″,”description”:”WhisperPair is a set of attacks that lets an attacker hijack many popular Bluetooth audio accessories that use Google Fast Pair and, in some cases,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,50,12,15,115,13,7,11,5],"class_list":["post-36023","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-71","tag-exploit","tag-high","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n