Researchers at the IT Security, Privacy and Responsibility Center (CISPA) have identified a security vulnerability related to encryption on Bluetooth BR / EDR connections. The researchers identified that it is possible for a hacker It could weaken the encryption of Bluetooth devices and subsequently spy on communications or send counterfeit ones to take over a device.
Instead of directly breaking the encryption, the attackers use two Bluetooth devices and force them to use weaker encryption, which makes it much easier to decipher. Each time two Bluetooth devices are connected, they establish a new encryption key.
If a hacker gets between that configuration process, it could trick both devices into an encryption key with a relatively small number of characters. At this time the hacker would have to perform a brute force attack against one of the devices to Discover the exact password, the vulnerability discovered makes this happen in a considerable amount of time.
Although this security flaw is important, specialists say that you do not have to worry much because it does not occur on all Bluetooth devices and for this attack to be possible the hacker must be present during the connection of the Bluetooth devices, block the transmission initial of each device when establishing the length of the encryption key and transmitting its own message, "all within a limited period of time".
So far no evidence has been found that the vulnerability has been used by any attacker.