Researchers at Boston University would have identified a dangerous vulnerability to the protocol BT which is the basis of communication technology Bluetooth. This problem would involve almost all the most used operating systems (Windows, macOS and iOS) except for Android, which would seem to be immune.
The leak would have been detected in the specification BLE (Bluetooth Low Energy), it was made official in 2010 and is now integrated into the modules of all the latest devices. Its purpose is to limit energy consumption during data transfer operations, basically it has the task of reducing the impact on battery autonomy.
The implementation of this specification for the platforms mentioned above does not require that the information exchanged between two devices take place exclusively on encrypted channels, so the risk is that an attacker could trigger a type attack Man in the Middle to interfere with interchange and steal confidential information.
At a theoretical level, an action of this type should not be possible as the MAC addresses of the devices are produced randomly precisely to prevent their identification. However, "unencrypted" transmissions would allow the isolation of ID tokens by which to bypass the protection and access the communications made.
A vulnerability like the one described could allow different unauthorized tracking procedures, among these there would also be the possibility to intercept information related to the location of a device. Fortunately, up to now no incidents regarding violations carried out due to this issue have emerged.