If you have a Fast Pair-enabled audio device, such as a Bluetooth speaker or wireless headphones, you may want to update it to the latest firmware immediately. Security researchers have discovered a series of Fast Pair vulnerabilities called WhisperPair that could allow attackers to take control of the device and play audio, listen in, and even track your location.
The good news is that researchers at the Belgian university KU Leuven who discovered the vulnerability reported it to Google back in August 2025, and several manufacturers have already released patches for affected devices. The responsibility now falls on users to update their Fast Pair-enabled audio accessories or contact the manufacturer if a patch is not available.
According to Wired, WhisperPair affects a variety of popular audio accessories that rely on Google’s Fast Pair to quickly connect to Android phones, tablets and Chromebooks. The list of vulnerable devices published by the researchers includes popular models such as Sony’s WH-1000XM6 headphones, Pixel Buds Pro 2, Nothing Ear a and OnePlus Nord Buds 3 Pro.
As for how the exploit works, WhisperPair allows attackers to connect to nearby vulnerable devices without notifying the owner. Simply put, it bypasses some of the checks Fast Pair uses to confirm a legitimate connection and allows someone within Bluetooth range to quietly connect to an accessory.
Update your Fast Pair-enabled audio devices instantly
Once connected, the attacker could disrupt audio playback, listen in through the device’s microphone, or abuse Google’s Find Hub tracking feature to track the owner’s whereabouts. Although Google says there is no evidence that the vulnerability is being actively exploited, researchers warn that it could still pose a security risk if devices are not patched.
For users who own a Fast Pair-enabled audio accessory, the solution is quite simple. Check if a firmware update is available and install it as soon as possible. Since audio accessories are often overlooked when it comes to updates, taking a few minutes to update or confirm support with the manufacturer can help prevent attackers from gaining access to the device you use every day.
