Vulnerable WhisperPair Devices – Hijack Bluetooth Accessories Using Fast Pair(whisperpair.eu)
whisperpair.eu
Vulnerable WhisperPair Devices – Hijack Bluetooth Accessories Using Fast Pair
https://whisperpair.eu/vulnerable-devices
4 comments
I have the impression this is not the same. In the linked video, they talked about unauthenticated functions in BLE if I recall correctly…
yes sorry, just updated my comment shortly before you replied.
This is CVE-2025-36911, the other ones were CVE-2025-20700, CVE-2025-20701, CVE-2025-20702. Coincidentally a similar set of headphones affected.
This one also has a pairing vulnerability, but I assume fast pair is on the BLE level:
> To start the Fast Pair procedure, a Seeker (a phone) sends a message to the Provider (an accessory) indicating that it wants to pair. > [...] allowing unauthorised devices to start the pairing process [...]
It's a pity that this is only awarded with $15k, this is a really bad vulnerability - which clearly required thoughtful investigation, publishing, reporting, ... and would have a much bigger audience in the exploit market.
This is CVE-2025-36911, the other ones were CVE-2025-20700, CVE-2025-20701, CVE-2025-20702. Coincidentally a similar set of headphones affected.
This one also has a pairing vulnerability, but I assume fast pair is on the BLE level:
> To start the Fast Pair procedure, a Seeker (a phone) sends a message to the Provider (an accessory) indicating that it wants to pair. > [...] allowing unauthorised devices to start the pairing process [...]
It's a pity that this is only awarded with $15k, this is a really bad vulnerability - which clearly required thoughtful investigation, publishing, reporting, ... and would have a much bigger audience in the exploit market.
Was posted a few times recently:
https://news.ycombinator.com/item?id=46631720
https://news.ycombinator.com/item?id=46631720
https://news.ycombinator.com/item?id=46453204
I wonder if some people could find more affected versions or whether there is some tool to detect more models, as I would doubt this is being nearly complete given how many vendors rely on this supplier.