"Pairing Bluetooth devices can be a pain, but Google Fast Pair makes it almost seamless. Unfortunately, it may also leave your headphones vulnerable to remote hacking. A team of security researchers from Belgium's KU Leuven University has revealed a vulnerability dubbed WhisperPair that allows an attacker to hijack Fast Pair-enabled devices to spy on the owner. Fast Pair is widely used, and your device may be vulnerable even if you've never used a Google product."
"The bug affects more than a dozen devices from 10 manufacturers, including Sony, Nothing, JBL, OnePlus, and Google itself. Google has acknowledged the flaw and notified its partners of the danger, but it's up to these individual companies to create patches for their accessories. A full list of vulnerable devices is available on the project's website. The researchers say that it takes only a moment to gain control of a vulnerable Fast Pair device (a median of just 10 seconds) at ranges up to 14 meters. That's near the limit of the Bluetooth protocol and far enough that the target wouldn't notice anyone skulking around while they hack headphones."
Google Fast Pair simplifies Bluetooth pairing but contains a vulnerability called WhisperPair that enables remote hijacking of Fast Pair-enabled audio devices. Attackers can force a connection in a median of ten seconds at distances up to 14 meters. Once connected, attackers can interrupt audio, inject audio of their choice, access device microphones, and track device location to follow targets. The flaw affects more than a dozen models across ten manufacturers including Sony, Nothing, JBL, OnePlus, and Google. Google has notified hardware partners, but individual manufacturers must produce and deploy patches. A full list of affected devices is available on the researchers' project website.
Read at Ars Technica
Unable to calculate read time
Collection
[
|
...
]