Bluetooth Spoofing Bug Affects Billions of IoT Devices | Threatpost: "BLE further facilitates access for an attack because its advertising packets are always transmitted in plain-text, so an attacker can easily impersonate the benign server by advertising the same packets and cloning its MAC address"
"This is the second major bug found in Bluetooth this month. Last week, the “BLURtooth” flaw was announced, which allows attackers within wireless range to bypass authentication keys and snoop on devices in man-in-the-middle attacks."