Sony, Anker, and other headphones have a serious Google Fast Pair security vulnerability

Sony, Anker, and other headphones have a serious Google Fast Pair security vulnerability

Briefly

"Researchers from KU Leuven University's Computer Security and Industrial Cryptography group in Belgium discovered several vulnerabilities in Google's Fast Pair protocol that can allow a hacker within Bluetooth range to secretly pair with some headphones, earbuds, and speakers. The attacks, which the researchers have collectively dubbed WhisperPair, can even be used on iPhone users with affected Bluetooth devices despite Fast Pair being a Google-specific feature."

"Several Bluetooth audio devices from companies like Sony, Anker, and Nothing are susceptible to a new flaw that can allow attackers to listen in on conversations or track devices that use Google's Find Hub network, as reported by Wired. Researchers from KU Leuven University's Computer Security and Industrial Cryptography group in Belgium discovered several vulnerabilities in Google's Fast Pair protocol that can allow a hacker within Bluetooth range to secretly pair with some headphones, earbuds, and speakers."

"Fast Pair streamlines Bluetooth pairing and lets wireless audio accessories connect to Android or Chrome OS devices by simply tapping them together. But the researchers found that many devices don't implement Fast Pair correctly, including a Google specification that says Fast Pair devices shouldn't be able to connect to a new device while already paired to another. The researchers tested their WhisperPair attacks on over two dozen Bluetooth devices and were successful in hacking 17 of them. They were able to play their own audio through the compromised headphones and speakers at any volume, intercept phone calls, and even eavesdrop on conversations using"