A shocking new cybersecurity research has revealed that popular Bluetooth earbuds and headphones can be hacked within just 10–15 seconds from a distance of up to 14 feet, exposing users to serious privacy and security risks. The vulnerability affects audio devices from major global brands including Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google.
According to researchers, hackers can exploit flaws in Google’s Fast Pair feature to secretly connect to Bluetooth audio devices, take control of them, listen to nearby conversations, inject audio, disrupt calls, and even track the user’s real-time location.
Fast Pair: Convenience Turning into a Security Threat
Fast Pair is Google’s one-tap wireless pairing protocol that allows Android and ChromeOS devices to quickly connect with nearby Bluetooth accessories. While designed for ease of use, researchers have discovered that weaknesses in this system can be weaponized by cybercriminals.
The study found that attackers can hijack already-paired audio devices without the user’s knowledge or interaction, making Fast Pair a potential entry point for silent cyber surveillance.
‘WhisperPair’ Attack Explained
The vulnerability has been named “WhisperPair” by researchers from the Computer Security and Industrial Cryptography (COSIC) Group at KU Leuven University, Belgium. Alarmingly, the attack is not limited to Android users—even iPhone users who have never used a Google product can be affected.
Researchers demonstrated that a hacker standing within a 50-foot radius could discreetly connect to a victim’s Bluetooth headset and gain full control over it.
“You could be walking down the street wearing headphones and listening to music. In less than 15 seconds, we can hijack your device,” said Sayon Duttagupta, one of the lead researchers, speaking to Wired.
“That means we can activate the microphone, listen to surrounding conversations, inject audio, or track your location.”
Location Tracking and Eavesdropping Risks
The threat becomes even more severe for devices that support Google’s ‘Find Hub’ location tracking feature. If such a device is compromised, hackers can monitor the user’s movements in real time.
Once hacked, attackers can:
- Listen to conversations via the device’s microphone
- Interrupt phone calls or play unauthorized audio
- Track the user’s location
- Remain connected without raising suspicion
Tested Devices Hijacked Within Seconds
During testing, researchers used a low-cost Raspberry Pi 4 mini-computer to target 25 Fast Pair-enabled devices from 16 different brands. The experiments were conducted from a distance of 14 meters, and most devices were compromised within 10–15 seconds.
The findings raise serious concerns for millions of users who rely daily on Bluetooth earbuds and headphones for calls, meetings, and entertainment.
Google Responds
In response to the research, Google has acknowledged the vulnerabilities in Fast Pair. However, the company stated that it has not found evidence of active exploitation outside controlled lab environments.
A Google spokesperson said,
“We continuously review and improve the security of Fast Pair and Find Hub. We appreciate the researchers’ work and are taking steps to strengthen protections.”
A Wake-Up Call for the Tech Industry
The discovery highlights a growing tension between convenience and security in modern consumer electronics. Researchers warn that manufacturers must prioritize stronger safeguards when implementing quick-connect features, or risk turning everyday devices into tools for cyber espionage.
For users, the research serves as a stark reminder that even seemingly harmless gadgets like earbuds can become gateways to serious privacy breaches in an increasingly connected world.
Discover more from SD NEWS agency
Subscribe to get the latest posts sent to your email.