Cryptographers have found a security flaw in Bluetooth that allows unauthorized pairing between (among other things) mobile phones. Pairing is the process that Bluetooth devices go through to make sure the owner of each device is aware of the connection. During pairing, the same PIN has to be entered on both devices.
The new flaw allows a malicious user to pair without the other device alerting its owner. It masquerades as another device that’s currently paired with the target:
Avishai Wool and Yaniv Shaked [of Tel Aviv University in Israel] have managed to force pairing by pretending to be one of the two devices and sending a message to the other claiming to have forgotten the link key. This prompts the other device to discard the link key and the two then begin a new pairing session, which the hacker can then use.