CERT issued a warning for a Bluetooth security flaw that could lead to a man-in-the-middle attack. The flaw takes advantage of a vulnerability in Secure Simple Pairing and LE Secure Connections, but your iPhone, iPad, and Mac are safe if you’re staying on top of system updates.
The CERT security note says,
Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
Translated back in to normal human-speak, that means your computer, smart phone, or tablet may not be verifying the security key a device—like wireless headphones or speakers—sends before pairing. A clever hacker that’s nearby can watch for those pairing requests, intercept them, and pose as the paired device. Once the malicious pairing is complete the hacker can capture the data you send over Bluetooth and potentially access other information on your computer.
The good news, at least for iPhone, iPad and Mac users, is Apple already patched the security flaw with iOS 11.4.1 and macOS High Sierra 10.13.6. Apple also released Security Update 2018-004 for mac OS Sierra and El Capitan.