Abstract:
Bluetooth enables basic communication prior to pairing as well as low-energy information exchange with multiple devices. The ecosystem uses Bluetooth extensively for coordination tasks that run in the background and enable seamless device handover. To this end, established proprietary protocols. Since their implementations are closed-source and over-the-air fuzzers are very limited, these protocols are largely unexplored and have not been publicly tested for security. In this paper, we summarize the current state of 's Bluetooth protocols. Based on this, we build the in-process fuzzer and evaluate the implementation security of these protocols. We find a zero-click Remote Code Execution (RCE) vulnerability, which was fixed in , as well as several simple crashes.