New attack exploits a serious Bluetooth weakness and sensitive data can be intercepted. "KNOB" forces BT devices to use encryption keys that are trivial to break.
Microsoft Windows, Apple OS and iOS, Android and others have released patches so make sure your devices are up-to-date. For Windows, be sure to read the article at the MS link because their patch isn't enabled by default and additionally requires the user to update the registry manually for reasons explained at that link.
And all this assumes your OS provider is offering an update for this and other recent security issues. Samsung hasn't updated my Android 7 smartphone in a long time even though the phone is only a couple of years old.
Makes me wonder how these OS and chip developers can be so careless about security...? <rhetorical question>
A new Bluetooth vulnerability named "Key Negotiation Of Bluetooth attack" or "KNOB" has been disclosed that allows attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices. Bluetooth BR/EDR versions are required to support encryption keys with entropy between 1 and 16 bytes and do not secure the key negotiation protocol. As a result, the attacker completely breaks Bluetooth BR/EDR security without being detected."
This is why I keep all Bluetooth radios OFF at all times on ALL my devices.
Attackers can be miles away using a Bluetooth sniper rifle.
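
A simplified model of the key size negotiation described in the quoted KNOB text, added here as an example and not part of the original thread: it shows why an unauthenticated proposal can be lowered to 1 byte, and how a minimum-size check on either device stops the link from being set up. The class and function names are hypothetical, and the 7-byte floor is an assumption (the minimum recommended for BR/EDR after KNOB was disclosed).

```python
# Added illustration: toy model of BR/EDR encryption key size negotiation.
# Device, negotiate and keyspace are hypothetical names; each message is
# reduced to the proposed key size in bytes.
SPEC_MIN, SPEC_MAX = 1, 16   # entropy range stated in the quoted text
HARDENED_MIN = 7             # assumption: floor enforced by a patched device


class Device:
    def __init__(self, name, min_size=SPEC_MIN, max_size=SPEC_MAX):
        self.name, self.min_size, self.max_size = name, min_size, max_size

    def respond(self, proposed):
        """Answer a proposal: ('accept', n), ('counter', n) or ('reject', None)."""
        if proposed < self.min_size:
            return ("reject", None)
        if proposed > self.max_size:
            return ("counter", self.max_size)
        return ("accept", proposed)


def negotiate(initiator, responder, tamper=None):
    """Return the agreed key size in bytes, or None if negotiation fails.

    `tamper` models an in-path change to the proposed size; nothing in the
    exchange authenticates the value, so the receiver cannot tell.
    """
    proposal, sender, receiver = initiator.max_size, initiator, responder
    for _ in range(2 * SPEC_MAX):            # bounded number of rounds
        on_wire = tamper(proposal) if tamper else proposal
        verdict, value = receiver.respond(on_wire)
        if verdict == "reject":
            return None
        if verdict == "accept":
            # A device enforcing a floor also checks the final size itself.
            return value if value >= sender.min_size else None
        proposal, sender, receiver = value, receiver, sender
    return None


def keyspace(size_bytes):
    """Number of candidate keys for a given entropy in bytes."""
    return 2 ** (8 * size_bytes)


if __name__ == "__main__":
    force_one = lambda n: SPEC_MIN           # constructed tampering function
    legacy = Device("legacy")
    patched = Device("patched", min_size=HARDENED_MIN)
    print("legacy <-> legacy :", negotiate(legacy, Device("peer")))
    print("tampered, legacy  :", negotiate(legacy, Device("peer"), force_one))
    print("tampered, patched :", negotiate(legacy, patched, force_one))
    print("1-byte keyspace   :", keyspace(1))
```

With both devices at the specification minimum the tampered run settles on 1 byte (256 candidate keys); with either side enforcing the floor, the negotiation fails instead of producing a weak key.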