Bluetooth headphones and speakers could be more vulnerable than many users realise, according to security researchers, warning that flaws in Google’s Fast Pair technology may still leave some devices open to hijacking.
The issue comes from researchers at KU Leuven University in Belgium, who say vulnerabilities in Fast Pair — Google’s one-tap system for connecting Bluetooth accessories — could allow attackers to take control of nearby audio devices or even track their location. The team has grouped the flaws under the name WhisperPair, and claims affected devices can be targeted from up to 46 feet away.
Google says it has already addressed the problems. In a statement, the company claimed that it has rolled out fixes to prevent device hijacking and location tracking, including updates for products such as the Pixel Buds Pro.
Google also said some of the remaining risk comes from third-party manufacturers not fully following Fast Pair’s specifications, and that it warned companies about this back in September 2025.
However, the researchers argue that the vulnerabilities still affect products from major brands, including Sony, Harman, and Google itself.
While the flaws were demonstrated in controlled lab conditions, the group says the scale of Fast Pair usage across Android and Chrome OS since its launch in 2017 makes the risks hard to ignore.
“Our findings show how a small usability add-on can introduce large-scale security and privacy risks for hundreds of millions of users,” the researchers said on their website. They’ve also released a YouTube video explaining how Fast Pair can be abused and are preparing an academic paper detailing their findings.
Google maintains it hasn’t seen evidence of the vulnerabilities being exploited outside the lab and says it worked closely with the researchers through its Vulnerability Rewards Program, awarding a $15,000 bounty. The company also pointed to recent security updates for Wear OS and Pixel devices, and says it has now blocked Find Hub network provisioning in scenarios that could have enabled location tracking.
One lingering concern is awareness. Firmware updates are often required to patch Bluetooth accessories, but many users never check for them or may not even know updates exist. The researchers have published a lookup tool listing affected devices and instructions on how to update them, something Google doesn’t currently offer on its own Fast Pair Known Issues page.
For now, Google’s advice is simple: keep your headphones and speakers updated with the latest firmware. It might not sound exciting, but it’s still the easiest way to make sure your Bluetooth gear isn’t quietly becoming someone else’s.
The post New research shows Bluetooth devices are at risk of hijack appeared first on Trusted Reviews.
