Researchers from the WhisperPair project discovered a vulnerability in Fast Pair, the system that millions of users worldwide rely on to quickly connect Bluetooth accessories to Android devices.
The technology allows instant pairing of smartphones with headphones or speakers, but its simplicity created serious risks. The data exchange protocol allowed interception of pairing keys, opening the door to attacks.
Experts confirmed that the flaw can be exploited on products from brands such as Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, and Logitech. Notably, Fast Pair is also used in Android Auto and Google TV devices.
As a result, attackers could connect to devices without the owner’s knowledge and interfere with accessory operation.
In some scenarios, this enabled interception of audio streams or use of the connection for further attacks.
After publication of the findings, Google released security updates to fix the vulnerabilities. The patches are distributed through standard Android and Google Play mechanisms, making them widely accessible.
However, researchers claim the patch can still be bypassed. The WhisperPair team proposed new rules for key storage and device authentication to prevent similar issues in the future.
For now, users have limited protection. Fast Pair cannot be disabled on accessories, and a factory reset only temporarily removes unauthorized bindings, after which the attack can be repeated.
The simplest advice: check if firmware updates are available for your headphones or speakers, install the manufacturer’s app, and apply fixes if provided.