Fast Pair Protocol Vulnerabilities Identified
Researchers from KU Leuven University's Computer Security and Industrial Cryptography group have discovered a set of vulnerabilities, termed WhisperPair, within Google's Fast Pair wireless protocol. This protocol is designed for simplified Bluetooth connections between Android/ChromeOS devices and audio peripherals. The identified vulnerabilities could enable unauthorized connections to hundreds of millions of compatible audio devices.
Affected Devices and Potential Exploitation
The research indicated vulnerabilities in 17 audio accessories from 10 companies, including Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google. An attacker located within Bluetooth range (up to 50 feet in testing) of a vulnerable device could establish an unauthorized connection. Possible actions for an attacker include:
- Disrupting or taking control of audio streams or phone calls.
- Playing audio through the victim's earbuds or speakers.
- Activating and using device microphones to monitor ambient sound.
- Utilizing specific Google and Sony devices compatible with Google's Find Hub for location tracking.
KU Leuven researcher Sayon Duttagupta stated that device access could occur in under 15 seconds, allowing for microphone activation, audio injection, or location tracking. Nikola Antonijević, another researcher, commented that an attacker could control the device.
Google's Actions and Ongoing Risks
Google published a security advisory in conjunction with the researchers, confirming the findings. The company has reportedly informed some affected vendors, and security updates have been made available for certain devices. Despite these updates, the KU Leuven researchers cautioned that the WhisperPair vulnerabilities may continue to affect many accessories for months or years, as consumers frequently do not update the software on such internet-of-things devices.