This is an absolute non-issue, as others have commented.
Even without domain-specific knowledge, we can see this is all nonsense: 'Allow attackers to carry out impersonation attacks' - the same thing that can be done with any number of legitimate and useful applications designed for developing with BLE, available on Android marketplace :*)

On any embedded platform which allows low level access to a radio transceiver of any kind, it is possible to exercise all functionality, which will include various possible attacks. The only thing which prevents this in the industry at present is obfuscation, which most manufacturers (other than Espressif) don't bother with.

Take Nordic for example, who make probably the best and most widely used/respected BLE chipset: the full functionality of the transceiver can be used via a relatively small set of registers, which are fully documented. Nordic supply a BLE stack, but you can perfectly well write your own instead, meaning that you can deliberately or accidentally abuse all aspects of the protocol.
Even at the physical level, one can easily conduct simple jamming attacks, by broadcasting full power carrier signal on the BLE advertising channels.

None of this naughtiness is a security flaw. BLE and other wireless protocols in common use are well designed to be resistant to jamming, and the physical implementation of the radios on various SoCs available currently is limited: you can't put out 10 watts of hash over 82 channels at once, because the silicon doesn't support it.
You can't even 'sniff' BLE traffic in a real sense, because the silicon requires a significant number of bytes of 'address' in order to capture any meaningful packet data from ambient noise.

Here is C code, as a fun example, to broadcast full power carrier on any channel, from Nordic NRF52. This is absolutely documented and useful for testing (for example emissions).

    // set channel to number between 0 and 100
    int channel = 0;

    // clear shortcuts and interrupts, then disable the radio and wait for it
    nrf_radio_shorts_set(0);
    nrf_radio_int_disable(~0);
    nrf_radio_event_clear(NRF_RADIO_EVENT_DISABLED);
    nrf_radio_task_trigger(NRF_RADIO_TASK_DISABLE);
    while (!nrf_radio_event_check(NRF_RADIO_EVENT_DISABLED)) {}
    nrf_radio_event_clear(NRF_RADIO_EVENT_DISABLED);

    // configure mode, READY->START shortcut, TX power and frequency, then enable TX
    nrf_radio_mode_set(RADIO_MODE_MODE_Ble_LR500Kbit);
    nrf_radio_shorts_enable(NRF_RADIO_SHORT_READY_START_MASK);
    nrf_radio_txpower_set(0);
    nrf_radio_frequency_set(2400 + channel);
    nrf_radio_task_trigger(NRF_RADIO_TASK_TXEN);
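
Added example, not part of the original comment: one concrete mechanism behind the jamming resistance mentioned above is data-channel hopping with a channel map. This sketch goes beyond the comment and implements Channel Selection Algorithm #1 from the Bluetooth Core Specification as I understand it; the function names, the hop increment of 7 and the channel maps are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BLE_DATA_CHANNELS 37

/* Bit i of channel_map set => data channel i is marked usable by the link. */
static int channel_used(uint64_t channel_map, int ch) {
    return (int)((channel_map >> ch) & 1u);
}

/* One step of Channel Selection Algorithm #1 (hypothetical helper name).
 * *last_unmapped carries state from one connection event to the next. */
int csa1_next_channel(uint8_t *last_unmapped, uint8_t hop_increment,
                      uint64_t channel_map) {
    int used[BLE_DATA_CHANNELS];
    int num_used = 0;
    for (int ch = 0; ch < BLE_DATA_CHANNELS; ch++)
        if (channel_used(channel_map, ch))
            used[num_used++] = ch;      /* ascending list of used channels */
    if (num_used < 2 || hop_increment < 5 || hop_increment > 16)
        return -1;                      /* outside the ranges the spec allows */

    uint8_t unmapped = (uint8_t)((*last_unmapped + hop_increment) % BLE_DATA_CHANNELS);
    *last_unmapped = unmapped;
    if (channel_used(channel_map, unmapped))
        return unmapped;
    return used[unmapped % num_used];   /* remap onto a usable channel */
}

/* Count how many of n connection events land on data channel `blocked`. */
int events_on_channel(int n, uint8_t hop, uint64_t map, int blocked) {
    uint8_t last = 0;
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (csa1_next_channel(&last, hop, map) == blocked)
            hits++;
    return hits;
}

int main(void) {
    const uint64_t all = (1ULL << BLE_DATA_CHANNELS) - 1;  /* constructed maps */
    const uint64_t no17 = all & ~(1ULL << 17);
    printf("full map: %d of 370 events on ch 17\n", events_on_channel(370, 7, all, 17));
    printf("ch 17 removed: %d of 370 events on ch 17\n", events_on_channel(370, 7, no17, 17));
    return 0;
}
```

With every channel in the map, a single noisy channel affects only 1 event in 37; once that channel is dropped from the map, the link never visits it.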