Bluetooth proxy device security and privacy

I recently added a Bluetooth proxy on Home Assistant to handle SwitchBot buttons and everything works fine.

This evening all of a sudden my home assistant detected 2 new devices:

  • 1 iBeacon Tracker
  • Oral B toothbrush

Now, with a simple click I have these 2 configured devices synchronized with my smart home. I have no idea who they are, but I can safely track the location of the beacon (whatever it is attached to) and see when one of my neighbors brushes their teeth.

I don’t remember anymore when I paired my SwitchBots if I had to do some pairing procedure or something, but what about security or privacy? Is it normal that I can add devices without having either authentication or the need to have them in my hand and press a button or anything?

Today it’s a toothbrush and not a big deal, but what if it’s an electronic lock with Bluetooth? Or if we leave out security, what about privacy? What if it was a Bluetooth sex toy and I could see every time a neighbor used it?

I mean, none of this has anything to do with HA; the devices themselves are just broadcasting the data unencrypted and HA is just presenting it.

I’ve definitely picked up a number of random devices and most folks turn off auto-discovery for iBeacons as you’ll get an absolute ton if you have meaningful foot traffic near your house.

Most of my BT devices in HA are encrypting their data, but not all. Those that aren’t, I’m okay with that (although I’d certainly prefer that they do if it was an option).

1 Like