A critical security flaw in the Frontier X2 device allows unauthenticated attackers to interact with sensitive device functions via Bluetooth, bypassing all pairing and authorization requirements.

The device fails to enforce mandatory pairing or authorization for BLE communication, allowing any unauthenticated nearby attacker to read from or write to critical GATT characteristics.

With a CVSS score of 8.8, this vulnerability is High severity. Unauthorized access to GATT characteristics can allow an attacker to manipulate device functionality, extract sensitive user data, or potentially cause physical device failure, impacting both user privacy and device safety.

Immediate Action: Consult the vendor for security firmware updates that mandate BLE pairing and authorization for all GATT characteristic interactions.

Proactive Monitoring: If possible, monitor for unauthorized Bluetooth connection attempts or unusual device behavior that may indicate an active BLE-based attack.

Compensating Controls: If no patch is available, disable Bluetooth functionality on the device when not in active use to mitigate the risk of proximity-based exploitation.

Public Exploit Available: False

The absence of authentication for critical BLE functions poses a direct threat to the Frontier X2 device. Users should prioritize updating the device firmware as soon as a fix is released and consider physical security measures to limit exposure to potential Bluetooth-based attackers.