Researchers at Purdue University have discovered a new Bluetooth security flaw. The critical flaw is called BLESA (Bluetooth Low Energy Spoofing Attack). BLESA flaw was found in the reconnection process which occurs when two BLE devices move out of range and then move back into range. The vulnerability relates to the reconnection process in the BLE software stack.
A successful BLESA attack allows bad actors to connect with a device by getting around reconnection authentication requirements and send spoofed data to it. BLE is used across billions of devices ranging from computers, smartphones, and IoT devices, and hence the implication of the vulnerability is staggeringly large in terms of security.