A vulnerability exists in certain implementations of Bluetooth 4.0 through 5.0 which allows an attacker to overwrite or lower the strength of the pairing key, giving them access to authenticated services. The bug was discovered independently by two teams of academic researchers and received the name BLURtooth. It affects dual-mode Bluetooth devices, like modern smartphones. The solution from vendors with potentially vulnerable implementations is to introduce restrictions on Cross-Transport Key Derivation that are required in Bluetooth Core Specification versions 5.1 and later.
Source: https://www.bleepingcomputer.com/news/security/blurtooth-vulnerability-lets-attackers-defeat-bluetooth-encryption/