\n
![](\"https:\/\/gizmodo.com\/app\/uploads\/2026\/01\/shutterstock_2204281845-1280x853.jpg\")
<\/p>\n
\n<\/p>\n
Hundreds of millions of wireless headphones, earbuds, and speakers utilize Google\u2019s Fast Pair, a protocol that allows one-tap pairing between Bluetooth accessories and your device. But many of these products have not implemented the Fast Pair technology correctly, a group of researchers from Belgium\u2019s KU Leuven University found, making your wireless device vulnerable to attacks.<\/p>\n
By using the Bluetooth vulnerability, attackers can gain complete control of your device, use your microphone to spy on your conversations, or even track your location via Google\u2019s Find Hub network. The attacker only needs to be within a 14-meter (aka roughly 46 feet) radius for the attack the researchers have dubbed \u201cWhisperPair\u201d to succeed in a matter of seconds.<\/p>\n
Here\u2019s where the Fast Pairing goes wrong. Normally, your device should disregard pairing requests if it\u2019s not in pairing mode. But many devices fail to enforce that check, the researchers say, allowing unauthorized devices to start the pairing process and finish it by a simple regular Bluetooth pairing.<\/p>\n
For location tracking, the attackers can make use of Google\u2019s Find Hub network, which would normally allow Android devices to track lost accessories via crowdsourced location reports. But you\u2019re still vulnerable to tracking even if you have never owned an Android device, because the attacker can add the compromised accessory to the Find Hub network themselves using their own Google account.<\/p>\n
\u201cThe victim may see an unwanted tracking notification after several hours or days, but this notification will show their own device. This may lead users to dismiss the warning as a bug, enabling an attacker to keep tracking the victim for an extended period,\u201d the researchers wrote in a report.<\/p>\n
Brands with vulnerable devices include Sony, JBL, Xiaomi, Nothing, OnePlus, Jabra, and Google, and specifically Sony and Google headphones are vulnerable to the location tracking scheme through the Find Hub network. You can search for some of the vulnerable models here.<\/p>\n
Google said that its Pixel Buds accessories were now protected. Developers rolled out a fix to prevent the Find Hub vulnerability, updated certification requirements, and provided manufacturers with recommended fixes.<\/p>\n
\u201cWe appreciate collaborating with security researchers through our Vulnerability Rewards Program, which helps keep our users safe,\u201d a Google spokesperson told Gizmodo. \u201cWe worked with these researchers to fix these vulnerabilities, and we have not seen evidence of any exploitation outside of this report\u2019s lab setting.\u201d<\/p>\n
Once the fixes are in place, a software update should be able to fortify your wireless device against these attacks, but you would have to update it via the manufacturer\u2019s app on your phone or computer. So, for example, if you have the allegedly vulnerable Sony WH-1000XM6 wireless headphones, you should probably download the Sony app and be on the lookout for any software updates that have been or will be issued.<\/p>\n
\u201cAs a best security practice, we recommend users check their headphones for the latest firmware updates. We are constantly evaluating and enhancing Fast Pair and Find Hub security,\u201d a Google spokesperson said.<\/p>\n
Though the findings of the report are new, distrust towards the privacy and security provided by wireless headphones isn\u2019t necessarily a novel thing.<\/p>\n
Last year, former Vice President Kamala Harris shared that she only used wired earbuds because of everything she learned serving on the Senate Intelligence Committee.<\/p>\n
\u201cI have been in classified briefings, and I\u2019m telling you, don\u2019t be on the train using your earpods thinking someone can\u2019t listen to your conversation,\u201d Harris told Stephen Colbert in an interview. \u201cI\u2019m telling you, the [wired earphones] are a bit more secure.\u201d<\/p>\n<\/p><\/div>\n