They also demonstrated how this could be used to silently find out someone’s phone number and then hijack a TFA validation call from an app like WhatsApp to take over their account with no user interaction.
Right, but isn't it noisy ... at the headphone level? (i.e. not heard when not wearing them?).
What I'm getting at is that I think the risk varies depending on how often you leave the headset paired; for example, if the headphones are over-ear, those are more prone to not be turned off --- and remain connected; thus, a greater chance of success for establishing a BlueTooth classic connection without getting noticed and performing the WhatsApp account take-over until they listen to "I'm gonna take a shower, honey!" in the distance.
