Google Fast Pair makes Bluetooth device pairing easy, but it also introduces a serious vulnerability known as WhisperPair. Researchers from KU Leuven University in Belgium discovered that this flaw allows attackers to remotely take control of Fast Pair-enabled devices, including headphones from brands like Sony, JBL, and OnePlus. The problem arises from a failure in the Fast Pair implementation, where many devices accept connection requests even when they shouldn’t. An attacker can hijack a device in about 10 seconds from up to 14 meters away, enabling them to listen in on conversations and track users via their Bluetooth devices. While Google has acknowledged the vulnerability and informed its partners, the responsibility for fixing it lies with individual manufacturers. Many users may never receive updates for their accessories since these devices often lack automatic patching capabilities. Google has issued partial updates for some devices, but researchers found workarounds for those patches. A full fix is underway, but it could take weeks or months for all affected devices to be secured. For those concerned about potential exploitation, the only immediate solution is to factory reset their headphones and ensure the companion app is installed for future updates.