Hacker News
by unbelievr 3740 days ago
The latest iterations on the security front utilize ECDH for key exchange (LE secure connections) and seem fairly robust. The legacy pairing implementation is vulnerable to MITM during the very first bonding, except in the case where the devices use out-of-band data like NFC. Neither Android nor iOS opted to ever implement OOB, so that made security more difficult. It required us to tell our customers to reduce output power during bonding, so that the devices had to be close enough to avoid sniffing.

I felt that for the Low Energy part, the security concerns in this article were quite outdated. None of the listed attacks are applicable for LE.

Other than that, I think this gave a very good introduction to the protocol on all layers. I think the future for Bluetooth will be its ability to hook up lots of cheap sensors to a hub (with internet access, optionally) that can work for years without changing the battery. Unfortunately, the companies that already have a market share in e.g. audio are trying to stall future advances on the LE front. Others are trying to basically reimplement BR/EDR in LE, thinking it will still stay "low energy".