If you own a Fast Pair-enabled audio device, such as a Bluetooth speaker or wireless headphones, you may want to update it to the latest firmware right away. Security researchers have discovered a set of Fast Pair vulnerabilities, dubbed WhisperPair, that could allow attackers to take control of the device and play audio, listen in, and even track your location.
The good news is that researchers from Belgium’s KU Leuven University, who spotted the security flaw, reported it to Google back in August 2025, and several manufacturers have already released patches for affected devices. The onus now lies on users to update their Fast Pair-enabled audio accessories, or reach out to the manufacturer if a patch is not available.
According to Wired, WhisperPair affects a wide range of popular audio accessories that rely on Google’s Fast Pair to quickly connect with Android phones, tablets, and Chromebooks. The list of vulnerable devices published by the researchers includes popular models like Sony’s WH-1000XM6 headphones, Pixel Buds Pro 2, Nothing Ear a, and OnePlus Nord Buds 3 Pro.
As for how the exploit works, WhisperPair allows attackers to connect with nearby vulnerable devices without alerting the owner. In simple terms, it bypasses some of the checks Fast Pair uses to confirm a legitimate connection, making it possible for someone within Bluetooth range to quietly link to an accessory.
Update your Fast Pair-enabled audio devices right away
Once connected, the attacker could interfere with audio playback, listen in through the device’s microphone, or misuse Google’s Find Hub tracking feature to follow the owner’s whereabouts. Although Google says there’s no evidence that the flaw is being actively exploited, the researchers warn that leaving devices unpatched could still pose a security risk.
For users who own a Fast Pair-enabled audio accessory, the takeaway is fairly straightforward. Check whether a firmware update is available and install it as soon as possible. Since audio accessories are often overlooked when it comes to updates, taking a few minutes to update or confirm support with the manufacturer could help prevent attackers from gaining access to the device you use every day.
