Hundreds of millions of earbuds, headphones and speakers need a security update (yes, you need to update your earbuds) to prevent a wireless hacking technique that can hijack audio, eavesdrop via mics, and in some cases remotely track the accessory’s location. https://www.wired.com/story/google-fast-pair-bluetooth-audio-accessories-vulnerability-patches/
Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking

Flaws in how 17 models of headphones and speakers use Google’s one-tap Fast Pair Bluetooth protocol have left devices open to eavesdroppers and stalkers.

WIRED
This was caused by flawed implementations of Google's Fast Pair one-tap Bluetooth protocol. But it doesn't just affect Android users. Anyone (yes, iPhone users) with audio accessories from Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google itself may be vulnerable.

Most worrying: Some Sony and Google peripherals can be geolocated and tracked with Google's Find Hub device location feature for stealthy stalking.

Google told WIRED and the researchers who found the flaws that this was fixed, but the researchers told us they immediately bypassed Google's patch.

Google has been notifying device vendors. Many have patches ready. But given how rarely users update their earbuds/headphones/speakers, the flaws will likely persist for years.

(Update your accessories by downloading/updating the app from the manufacturer. It should have the patch or will soon.)

@agreenberg I tapped into a neighbor's headset some days ago without even meaning to, just by pairing some cheapo earbuds to a new (old) phone ... obviously this is not even an "attack" but a major security flaw in the name of convenience ...
@agreenberg Is there reason to think it's just them, or is it anyone who does Fast Pair, and they just tested those?
@adamshostack They tested others that weren't vulnerable in their implementation. Here's their full chart of results:

@agreenberg Thanks! That's really quite fascinating from an appsec perspective. I wonder what the folks who did well do differently than the folks who didn't.

cc @boblord

@agreenberg Is a link to the paper available? I don't see one in your story or on the whisperpair website, which says "[citation will be here later]".