2 comments

  • miduil 1 hour ago
    Previous discussion on ?a similar? vulnerability. That means there is yet another critical vulnerability from the same vendors. Given the reporting date around ~August, I hope this was addressed by Sony and Jabra around the same time.

    https://news.ycombinator.com/item?id=46453204

       > Bluetooth Headphone Jacking: A Key to Your Phone [video]
       > 551 points
       > 223 comments
       > 21 days ago
    
    I wonder if some people could find more affected versions or whether there is some tool to detect more models, as I would doubt this is nearly complete given how many vendors rely on this supplier.
    • elnerd 1 hour ago
      I have the impression this is not the same. In the linked video, they talked about unauthenticated functions in BLE if I recall correctly…
      • miduil 1 hour ago
        Yes, sorry, just updated my comment shortly before you replied.

        This is CVE-2025-36911, the other ones were CVE-2025-20700, CVE-2025-20701, CVE-2025-20702. Coincidentally, a similar set of headphones is affected.

        This one also has a pairing vulnerability, but I assume Fast Pair is on the BLE level:

        > To start the Fast Pair procedure, a Seeker (a phone) sends a message to the Provider (an accessory) indicating that it wants to pair.
        >
        > [...] allowing unauthorised devices to start the pairing process [...]

        It's a pity that this is only awarded $15k; this is a really bad vulnerability - which clearly required thoughtful investigation, publishing, reporting, ... and would have a much bigger audience in the exploit market.

  • nmstoker 2 hours ago
    Was posted a few times recently:

    https://news.ycombinator.com/item?id=46631720