Hard to say without knowing what they implemented. What is listed isn't accurate. Typically SHA is used to store passwords somewhere or for integrity, not for transport.
Jaakko Fagerlund wrote:Changes, but how? PRNG? Timestamp?
Math, which does include randomness, but there's more to it.
What they might mean by secret key changing is the bluetooth authentication challenge made from the pin, hardware address, and random part generated. So long as the hardware address and the pin doesn't change the result is the same on either side and authentication is made with an everchanging key. It's like other encryption protocols where the randomness is used as a "seed" with other information, like Diffie-Hellman but I think bluetooth is still different in a way that allows the random part to be acquired. There was talk years ago about using DH in mode 3 but I don't have any knowledge of whether or not it has been implemented. Everything I have found with a cursory look indicates no change has happened.
In any case, there's lots of information about how to do this. Just a random paper that does an okay overview on the math and is focused on breaking it:
https://www.usenix.org/legacy/event/mob ... shaked.pdfWithout something more, it isn't secure. However worth mentioning, the range is pretty short. You would have to be within tens of feet or use a directional antenna and wait to get the key exchange. It would take someone dedicated and with technical skill to crack just one pairing. Then the admin could revoke those access rights, but then they would have to know the pin was stolen to begin with.
As usual, a brick is better and surreptitious entry takes significant effort, which is all we can really do.