
The vulnerability, commonly known as WhisperPair, affects millions of Bluetooth audio devices worldwide, enabling unauthorized pairing and potentially granting access to microphones without user consent.
Vulnerability Overview
CVE-2025-36911 represents a significant cryptographic weakness in the Fast Pair Key-Based Pairing mechanism.
The vulnerability stems from missing signature verification on pairing requests and the absence of user confirmation requirements, allowing attackers to establish persistent Bluetooth connections to vulnerable devices.
Researchers from KU Leuven’s COSIC and DistriNet groups discovered the vulnerability through systematic protocol analysis.
The attack chain begins with BLE scanning for devices broadcasting the 0xFE2C Fast Pair service UUID, proceeds through key-based pairing bypass, and culminates in Bluetooth Classic bonding that provides permanent audio profile access.
The flaw allows attackers to write persistent Account Keys, enabling covert device tracking through Google’s Find Hub Network infrastructure.
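For defenders who want to know which accessories in their environment advertise Fast Pair and therefore need a patch check, the following added example (not code from WPair or from the researchers) parses raw BLE advertising payloads and flags those referencing the 0xFE2C service UUID. The payloads, addresses and function names are constructed for illustration.

```python
"""Offline check: does a raw BLE advertising payload reference Fast Pair (0xFE2C)?"""
import struct

FAST_PAIR_UUID = 0xFE2C            # service UUID named in the article
AD_UUID16_LISTS = (0x02, 0x03)     # incomplete / complete list of 16-bit UUIDs
AD_SERVICE_DATA16 = 0x16           # service data keyed by a 16-bit UUID

def iter_ad_structures(payload: bytes):
    """Yield (ad_type, data) pairs; stop on padding, raise on truncation."""
    i = 0
    while i < len(payload):
        length = payload[i]        # counts the type byte plus the data bytes
        if length == 0:            # zero length marks trailing padding
            return
        end = i + 1 + length
        if end > len(payload):     # length field overruns the buffer
            raise ValueError(f"truncated AD structure at offset {i}")
        yield payload[i + 1], payload[i + 2:end]
        i = end

def fast_pair_info(payload: bytes):
    """Return {'service_data': hex or None} if 0xFE2C is present, else None."""
    found, service_data = False, None
    for ad_type, data in iter_ad_structures(payload):
        if ad_type in AD_UUID16_LISTS:
            n = len(data) // 2     # UUIDs are little-endian 16-bit values
            found = found or FAST_PAIR_UUID in struct.unpack(f"<{n}H", data[:2 * n])
        elif ad_type == AD_SERVICE_DATA16 and len(data) >= 2:
            if struct.unpack_from("<H", data)[0] == FAST_PAIR_UUID:
                found, service_data = True, data[2:].hex()
    return {"service_data": service_data} if found else None

def inventory(adverts):
    """Map address -> Fast Pair info (or a 'malformed' note) for patch follow-up."""
    report = {}
    for addr, payload in adverts:
        try:
            info = fast_pair_info(payload)
        except ValueError as exc:
            report[addr] = f"malformed: {exc}"
            continue
        if info is not None:
            report[addr] = info
    return report

# Constructed sample captures (addresses and bytes are made up).
SAMPLES = [
    ("AA:AA:AA:00:00:01", bytes.fromhex("02010606162cfeaabbcc")),  # 0xFE2C service data
    ("AA:AA:AA:00:00:02", bytes.fromhex("02010603030f18")),        # other service only
    ("AA:AA:AA:00:00:03", bytes.fromhex("02010609162cfe")),        # bad length field
    ("AA:AA:AA:00:00:04", bytes.fromhex("03032cfe0000")),          # UUID list + padding
]
```

Devices that appear in the `inventory(SAMPLES)` result are the ones to match against vendor firmware advisories; malformed captures are reported rather than silently dropped.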
WPair Scanner Capabilities
The tool provides security researchers with three operational modes: vulnerability scanning for unpatched devices, non-invasive testing that determines patch status without triggering pairing, and proof-of-concept exploitation for authorized security assessments.
Post-exploitation, the application provides Hands-Free Profile audio access, allowing real-time microphone listening and M4A-format recording.
| Feature | Description | Status | Use Case |
|---|---|---|---|
| BLE Scanner | Discovers Fast Pair devices broadcasting 0xFE2C service UUID | Active | Device inventory and reconnaissance |
| Vulnerability Tester | Non-invasive check to determine if device is patched against CVE-2025-36911 | Active | Risk assessment without triggering pairing |
| Exploit Demonstration | Full proof-of-concept exploitation for authorized security testing | Active | Authorized vulnerability validation |
| HFP Audio Access | Demonstrates microphone access via Hands-Free Profile post-exploitation | Active | Impact demonstration |
| Live Listening | Real-time audio streaming to phone speaker | Active | Proof-of-concept microphone access |
| Recording | Capture and save audio streams as M4A files | Active | Evidence collection and testing |

| Field | Details |
|---|---|
| CVE ID | CVE-2025-36911 |
| Vulnerability Type | Authentication Bypass / Cryptographic Weakness |
Attackers exploiting WhisperPair can establish persistent connections to victim headphones without explicit consent, access microphone streams for eavesdropping, and build location-tracking infrastructure through Account Key persistence.
Unlike traditional Bluetooth exploits requiring proximity during pairing, CVE-2025-36911 enables post-pairing compromise of already-configured devices.
Installation requires Android 8.0 or higher with Bluetooth LE support; the application is available via GitHub releases or direct compilation from source code.
Notably, the WPair implementation deliberately excludes FMDN provisioning functionality to prevent weaponization as stalkerware, demonstrating responsible disclosure principles.
Device manufacturers face urgent remediation requirements: firmware updates that implement cryptographic signature verification and explicit user confirmation mechanisms.
Users should monitor vendor security advisories and apply patches promptly, especially for frequently used audio devices.
The post WPair Scanner Released to Detect WhisperPair Flaw in Google Fast Pair Protocol appeared first on Cyber Security News.
