FYI,
Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
An unauthenticated, remote attacker within range may be able to utilize a man-in-the-middle network position to determine the cryptographic keys used by the device. The attacker can then intercept and decrypt and/or forge and inject device messages.
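
An added example, not part of the original message or of any Bluetooth stack's code: the validation a receiving device can apply to a peer's ECDH public key before deriving a shared secret from it. It assumes the NIST P-256 curve used by Bluetooth LE Secure Connections; the function names and the 64-byte X||Y little-endian encoding are assumptions made for illustration.

```python
# Added example: reject peer ECDH public keys that are not on the expected curve.
# Assumption: NIST P-256 (cofactor 1, so an on-curve check is sufficient).

P = 2**256 - 2**224 + 2**192 + 2**96 - 1          # field prime
A = P - 3                                         # curve coefficient a
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def is_valid_p256_point(x: int, y: int) -> bool:
    """True only if (x, y) is an affine point on P-256."""
    # Both coordinates must be reduced field elements.
    if not (0 <= x < P and 0 <= y < P):
        return False
    # Curve equation: y^2 = x^3 + a*x + b (mod p). Both coordinates are checked.
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_and_validate(raw: bytes, byteorder: str = "little") -> tuple[int, int]:
    """Decode a 64-byte X||Y key (assumed layout) and validate it.

    Raises ValueError so the caller aborts the key exchange instead of
    computing a shared secret from an unvalidated point.
    """
    if len(raw) != 64:
        raise ValueError("public key must be 64 bytes (X||Y)")
    x = int.from_bytes(raw[:32], byteorder)
    y = int.from_bytes(raw[32:], byteorder)
    if not is_valid_p256_point(x, y):
        raise ValueError("peer public key is not on P-256; abort key exchange")
    return x, y


def encode(x: int, y: int, byteorder: str = "little") -> bytes:
    """Helper for building constructed sample keys."""
    return x.to_bytes(32, byteorder) + y.to_bytes(32, byteorder)


if __name__ == "__main__":
    good = encode(GX, GY)                  # constructed sample: the base point
    bad = encode(GX, (GY + 1) % P)         # constructed sample: altered Y
    print("good key accepted:", parse_and_validate(good) == (GX, GY))
    try:
        parse_and_validate(bad)
    except ValueError as exc:
        print("bad key rejected:", exc)
```
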