[Jochim]

Related:

Undocumented backdoor found in Bluetooth chip used by a billion devices

https://news.ycombinator.com/item?id=43301369

[ElectRabbit]

On the HCI interface. That's not a OTA attack.

If an attacker can write raw data the HCI interface you are doomed anyway.

[blitzar]

If you have access to the targets computer and their password there is an attack vector where you can feasibly gain access their files.

[mystified5016]

If and only if the host's serial or HCI driver has some undocumented exploit to gain code execution. (They probably don't)