Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Researchers working at KU Leuven in Belgium They warn People who use Bluetooth audio products have learned that their devices may be at risk due to vulnerabilities in Google’s Fast Pair technology, a feature that makes connecting Bluetooth devices faster and easier.
Google says it has addressed issues that could allow hackers to compromise its data Audio devices And track their location. But researchers say the vulnerabilities, which they collectively refer to as WhisperPair, continue to affect products from device makers including Sony, Harman and Google itself. In their tests, researchers found that these products could be penetrated from a distance of up to about 46 feet.
A Google representative told CNET that it has updated the software for some of its own audio products, including… Pixel Buds ProAnd some vulnerabilities stem from other companies not following Fast Pair specifications properly. Google said it informed the companies about this in September.
Don’t miss any of our unbiased technical content and lab reviews. Add CNET As Google’s preferred source.
“We value collaboration with security researchers through our vulnerability bounty program, which helps keep our users safe,” Google said in a statement provided to CNET. “We have worked with these researchers to fix these vulnerabilities, and we have not seen evidence of any exploitation outside of the laboratory setting of this report.” “As a security best practice, we recommend users check their headsets for the latest firmware updates. We are constantly evaluating and enhancing the security of Fast Pair and Find Hub.”
In response to specific concerns about device tracking, Google added: “We’ve rolled out a fix of our own to prevent Find Hub network provisioning in this scenario, which fully addresses the potential location tracking issue across all devices.”
Google released two security updates this month, one for Wear OS and One for Google Pixel devices. Each contains information about the company’s security patches.
The WhisperPair research group said it is working on an academic paper detailing its findings. “Our findings show how a small, easy-to-use add-on can pose widespread security and privacy risks for hundreds of millions of users,” the group of researchers said on its website.
The research group issued a YouTube video Discussing issues with Fast Pair, a Google technology introduced in 2017 that connects Bluetooth devices with one click across Android and Chrome OS.
The group said it worked with Google after reporting its findings and received a $15,000 reward. The researchers said they agreed to a 150-day disclosure period during which Google would release security patches. However, the site points out that users of Bluetooth devices such as earbuds may not be aware of security updates that may protect them.
The website includes a page where users can search for audio Products are vulnerablewith details on how to update it. Google does not have detailed information about these vulnerabilities on its site Known issues with Fast Pair page.