Security researchers have discovered a vulnerability called WhisperPair that allows attackers to hijack Google Fast Pair–enabled Bluetooth devices.

The flaw affects more than a dozen products from major manufacturers, including Sony, JBL, Google, and OnePlus, even if users have never used Google services.

Attackers can exploit the weakness in seconds from up to 14 meters away, often without the victim noticing.

Once connected, hackers can interrupt audio, track a user’s location, and even access a device’s microphone to listen in on conversations, Ars-Technica has reported.

Google has acknowledged the issue, but individual manufacturers are responsible for issuing patches to fix affected devices.