The IoT world is abuzz with the discovery of a new Bluetooth flaw that opens the door to man-in-the-middle attacks, which are exactly what they sound like — attacks where a third party wedges itself between two of your networked devices and helps itself to the sensitive data stored on each. These attacks are possible when the network has weak or no security, and that is precisely the problem inherent in CVE-2018-5383, a cryptographic flaw that affects two Bluetooth features — Secure Simple Pairing and LE Secure Connections.
Article Link: https://blog.avast.com/bluetooth-security-flaw