Major Bluetooth vulnerability
An unauthenticated, remote attacker within range may be able to utilize a man-in-the-middle network position to determine the cryptographic keys used by the device. The attacker can then intercept and decrypt and/or forge and inject device messages.
More information here, here, and news article here, here.
I wonder about all the hardware that is not possible to update.