Sunday, January 18, 2026
Latest:

Threatshub.org sponsored-Post

The Register

Fast Pair, loose security: Bluetooth accessories open to silent hijack

TH Author

Hundreds of millions of wireless earbuds, headphones, and speakers are vulnerable to silent hijacking due to a flaw in Google’s Fast Pair system that allows attackers to seize control without the owner ever touching the pairing button.

The issue, dubbed “WhisperPair,” was uncovered by researchers at KU Leuven, who found that many Bluetooth accessories claiming support for Fast Pair fail to properly enforce one of its most basic safety checks. Based on Fast Pair’s uptake, the team says the flaw likely affects “hundreds of millions” of accessories already in circulation.

In theory, Fast Pair devices are supposed to accept new pairing requests only when the user explicitly places them in pairing mode. In practice, the researchers say, many products will happily accept a new connection request at any time.

That creates an opening for attackers within Bluetooth range to step in and pair their own device, even if the accessory is already in use by someone else.

Once paired, the attacker gets the same level of access as a legitimate owner. Depending on the device, that can mean injecting or interrupting audio, manipulating volume, or, in some cases, activating the microphone. It is the sort of pesky thing that does not require nation-state resources or exotic hardware; a nearby phone or laptop is more than enough.

The researchers stress the problem is not Bluetooth itself, but sloppy or incomplete implementations of Google’s Fast Pair specification by device makers. Fast Pair was designed to make connecting accessories to Android devices nearly frictionless, using Bluetooth Low Energy beacons and cloud lookups to speed things along. That convenience has come at the cost of enforcement on the accessory side, where vendors are expected to check whether pairing should even be allowed in the first place.

What’s more, some Fast Pair accessories integrate with Google’s Find My Device network, allowing lost earbuds or headphones to be located using nearby Android phones. If an attacker can pair with an accessory before its rightful owner does, they can potentially register it to their account and receive location updates as it moves around.

Google was alerted to the issue and says it has been working with manufacturers on fixes. Some patches are now trickling out as firmware updates, though coverage is patchy, and plenty of cheaper accessories either don’t get updates at all or rely on clunky vendor apps most users never open.

Tweaking settings on your phone, or switching Fast Pair off entirely, doesn’t solve much if the accessory itself is still happy to accept rogue pairing requests.

The WhisperPair team reported the bug privately last year and sat on the details while vendors were given time to respond, picking up a bug bounty along the way. Their findings are a good example of a recurring problem in the smart device world: security rules that look fine on paper can unravel quickly once they’re handed to dozens of manufacturers racing to ship cheap hardware. ®

READ MORE HERE