Summary generated by Smart Answers AI
In summary:
- Macworld reports on WhisperPair, a critical vulnerability affecting Bluetooth devices that use Google Fast Pair technology that enables hackers to control, track, or record through compromised devices.
- Popular products like the Google Pixel Buds and Sony WH-1000 headphones are at risk, while Apple accessories remain safe because they don’t use Google Fast Pair.
- Both Android and iPhone users face risks when using affected devices, requiring the manufacturer’s firmware updates to resolve the vulnerability.
If you’re using a Bluetooth device that supports Google Fast Pair, there’s a good chance it will be taken over by a hacker, who can then play audio or record through the device’s microphone, or even track you if the device supports Google Find Hub as well. And you’re not safe just because you’re using an iPhone or Mac, the vulnerability is in the device itself, and the hacker is implementing it from their own device within Bluetooth range.
The vulnerability, called WhisperPair, exploits a flaw in the way many Bluetooth devices implement Google Fast Pair technology. Here’s how it works:
When a host device (like your phone or laptop) tries to pair with an accessory that uses Google Fast Pair (like a pair of headphones), it tries to connect to the accessory it wants to pair. If the device is not in pairing mode, Fast Pair should ignore any further action or requests. But according to researchers in the COSIC group at KU Leuven, some devices do not implement this protocol correctly, allowing the host to pair with the accessory anyway.
If you use Apple accessories like AirPods or AirTags, you’re safe. These do not support Google Fast Pair. But if you use popular Bluetooth accessories from other brands, like the Google Pixel Buds or Sony WH-1000 headphones, they have been tested to be vulnerable. Since this vulnerability exists in the accessories themselves, it doesn’t matter whether you’re using an iPhone, Android, Mac, or PC.
You can search a list of known vulnerable and safe products on the WhisperPair website. It’s worth noting that the only Beats product tested, the Solo Buds, were cleared of vulnerabilities. Many other models are listed on the site but have not been properly tested.
If you have a vulnerable device, the fix should come in the form of a firmware update for that device. You will have to check in the future if the manufacturer of your Bluetooth accessory has released a firmware update and applied it. This may take some time, or for many accessories, it may never arrive.