Discovered by researchers at Purdue University and known as BLESA (Bluetooth Low Energy Spoofing Attack), it seems that this vulnerability exploits the reconnecting of previously paired devices. Ideally, when devices reconnect with each other, they should re-check each other’s cryptographic keys.
However, due to the language of the protocol, it was discovered that this reauthentication is not mandatory and is apparently optional. Even when applied, it could also be circumvented. This means that in theory, attackers might be able to spoof the connections of previously connected devices, thus allowing them to trick users into connecting to a completely different device and intercept their traffic and conduct malicious attacks.
The good news is that based on what the researchers found, Windows devices are apparently immune to this attack, and so are Apple’s devices as the company had patched the flaw back in May. However, IoT devices, Android devices, and Linux-based laptops are at risk, but hopefully manufacturers will issue updates to address this problem soon.