Vulnerable WhisperPair Devices – Hijack Bluetooth Accessories Using Fast Pair

▲ Vulnerable WhisperPair Devices – Hijack Bluetooth Accessories Using Fast Pair(whisperpair.eu)

20 points by gnabgib 5 days ago | 4 comments

▲ miduil 4 hours ago | parent | next [-]

Previous discussion on ?a similar? vulnerability. That means there is yet another critical vulnerability from the same vendors, given the reporting date around ~August I hope this was addressed by Sony and Jabra around the same time.

https://news.ycombinator.com/item?id=46453204

   > Bluetooth Headphone Jacking: A Key to Your Phone [video]
   > 551 points
   > 223 comments
   > 21 days ago

I wonder if some people could find more affected versions or whether there is some tool to detect more models, as I would doubt this is being nearly complete given how many vendors rely on this supplier.

▲

elnerd 4 hours ago | parent [-]

I have the impression this is not the same. In the linked video, they talked about unauthenticated functions in BLE if I recall correctly…

	▲	miduil 4 hours ago \| parent [-]
		yes sorry, just updated my comment shortly before you replied. This is CVE-2025-36911, the other ones were CVE-2025-20700, CVE-2025-20701, CVE-2025-20702. Coincidentally a similar set of headphones affected. This one also has a pairing vulnerability, but I assume fast pair is on the BLE level: > To start the Fast Pair procedure, a Seeker (a phone) sends a message to the Provider (an accessory) indicating that it wants to pair. > [...] allowing unauthorised devices to start the pairing process [...] It's a pity that this is only awarded with $15k, this is a really bad vulnerability - which clearly required thoughtful investigation, publishing, reporting, ... and would have a much bigger audience in the exploit market.

▲ nmstoker 4 hours ago | parent | prev [-]

Was posted a few times recently:

https://news.ycombinator.com/item?id=46631720