The BLURtooth flaw allows attackers within wireless range to bypass authentication keys and snoop on Bluetooth devices. The issue exists in the pairing process for Bluetooth 4.0 through 5.0 implementations. This pairing process is called Cross-Transport Key Derivation (CTKD). A hole in CTKD makes it possible to lower the strength of these encryption keys. That in turn paves the way for an attacker to pair their own devices to the target's device, with no authentication needed. The attacker could then sniff out communications between the two devices.
Source: https://threatpost.com/bluetooth-bug-mitm-attacks/159124/

