Previous discussion on ?a similar? vulnerability. That means there is yet another critical vulnerability from the same vendors. Given the reporting date around ~August, I hope this was addressed by Sony and Jabra around the same time.
https://news.ycombinator.com/item?id=46453204
> Bluetooth Headphone Jacking: A Key to Your Phone [video]
> 551 points
> 223 comments
> 21 days ago
I wonder if some people could find more affected versions or whether there is some tool to detect more models, as I doubt this is nearly complete given how many vendors rely on this supplier.
I have the impression this is not the same. In the linked video, they talked about unauthenticated functions in BLE if I recall correctly…
yes sorry, just updated my comment shortly before you replied.
This is CVE-2025-36911, the other ones were CVE-2025-20700, CVE-2025-20701, CVE-2025-20702. Coincidentally a similar set of headphones affected.
This one also has a pairing vulnerability, but I assume fast pair is on the BLE level:
> To start the Fast Pair procedure, a Seeker (a phone) sends a message to the Provider (an accessory) indicating that it wants to pair.
> [...] allowing unauthorised devices to start the pairing process [...]
It's a pity that this is only awarded with $15k, this is a really bad vulnerability - which clearly required thoughtful investigation, publishing, reporting, ... and would have a much bigger audience in the exploit market.
Was posted a few times recently: