Bluetooth/BLE Attacks

Bluetooth ships on everything and gets audited like almost nothing. Two stacks (Classic BR/EDR and Low Energy) share one bad habit: trusting whatever is on the air. That habit is a GATT database you can read and write without auth, a key-entropy negotiation KNOB downgrades to a single byte, and stack-parsing bugs like BlueBorne that need no pairing and no clicks. How each works, how you sniff the radio with HCI and Ubertooth, the real tools, and what actually defends against it.