Schneier - Major Bluetooth Vulnerability
Bluetooth has a serious security vulnerability:
In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with high probability. Such an attacker can then passively intercept and decrypt all device messages, and/or forge and inject malicious messages.
Paper. Website. Three news articles.
This is serious. Update your software now, and try not to think about all of the Bluetooth applications that can't be updated.
from Schneier on Security https://www.schneier.com/blog/archives/2018/07/major_bluetooth.html