The document that dissects the flaws is an interesting read, and it states plainly that the overengineered nature of the Bluetooth spec is partly responsible for this kind of bug:
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf :
Bluetooth is complicated. Too complicated. Too many specific applications are defined in the stack layer, with endless replication of facilities and features. These over-complications are a direct result of the immense work, and over-engineering that was put into creating the Bluetooth specification. Just to illustrate this point: while the WiFi specification (802.11) is only 450 pages long, the Bluetooth specification reaches 2822 pages.
Bluetooth’s complexity kept researchers from auditing its implementations at the same level of scrutiny that other highly exposed protocols, and outwards-facing interfaces have been treated with. The result of the lack of review is a large number of vulnerabilities, such as those which we are disclosing here. The complications in the specifications translate into multiple pitfall junctions in the various implementations of the Bluetooth standard.
An example of the unnecessary complexity of Bluetooth is fragmentation, a common concept in many protocols, and a soft spot in every implementation. The Bluetooth specification has no less than 4 different fragmentation layers implemented throughout the stack (...) the faulty design of SDP’s fragmentation mechanism makes it a terribly hard mechanism to implement without bugs. Even when specific validations are put in place (as in Android’s implementation) - eliminating all bugs that can be a result of convoluted state confusions is almost an impossible mission.
I think the day someone has the courage to go through the USB specs with a fine-toothed comb, it's going to be fun too. Even more so now that WebUSB exists, for that matter.