Did you know – enabling Bluetooth in non-discovery mode doesn't prevent access to your smartphone
Most consumer devices rely on keeping the Bluetooth Device Address (BD_ADDR) private as a security mechanism. In discoverable mode, a Bluetooth device responds to page request messages issued by other gadgets with its BD_ADDR. In non-discoverable mode, those BD_ADDR requests are ignored. It may be common sense, but devices in discoverable mode are especially vulnerable because they are easily identified with tools such as BTScanner, which send repeated page request messages to all Bluetooth devices within range.
What's the take-away here? Keeping Bluetooth devices non-discoverable is still good practice, but it won't stop attackers. They can send connection request messages to every common BD_ADDR prefix, or OUI (Organizationally Unique Identifier), until the full BD_ADDR is known. Alternatively, they can use a list of common BD_ADDR prefixes, which lets an attacker test all known Bluetooth OUI values in less than 2 minutes. Ultimately, Bluetooth is best left switched off unless you're using it to pair a device or transmit information.
source: SANS Tech Institute via MakeUseOf
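To check a Linux host against the advice above, the following added example (not part of the original article or the SANS material) parses `bluetoothctl show` output and flags a radio that is powered on even when it is non-discoverable. The sample output, address and function names are constructed for illustration; the 2**24 figure follows from a BD_ADDR being 48 bits with the OUI as its upper 24.

```python
import re

# Constructed sample of `bluetoothctl show` output (not captured from a real host).
SAMPLE_SHOW = """\
Controller 00:11:22:AA:BB:CC (public)
\tName: laptop
\tPowered: yes
\tDiscoverable: no
\tDiscoverableTimeout: 0x000000b4
\tPairable: yes
"""

ADDR_RE = re.compile(r"^Controller\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\b")
# Exact field names only, so "DiscoverableTimeout" is not mistaken for "Discoverable".
FIELD_RE = re.compile(r"^\s+(Powered|Discoverable):\s+(yes|no)\s*$")


def parse_controllers(text):
    """Return one dict per controller: its address plus yes/no fields as booleans."""
    controllers = []
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if m:
            controllers.append({"addr": m.group(1).upper()})
            continue
        f = FIELD_RE.match(line)
        if f and controllers:
            controllers[-1][f.group(1).lower()] = (f.group(2) == "yes")
    return controllers


def audit(ctrl):
    """List findings for one controller, following the article's take-away."""
    findings = []
    oui = ctrl["addr"][:8]  # first three octets identify the vendor
    if ctrl.get("discoverable"):
        findings.append("discoverable: BD_ADDR is returned to any scanner in range")
    if ctrl.get("powered"):
        # Non-discoverable mode only hides the address. With the vendor OUI
        # guessable, 24 device-specific bits remain.
        findings.append(f"radio on: with OUI {oui} known, {2**24} addresses remain; "
                        "switch Bluetooth off when not in use")
    return findings


if __name__ == "__main__":
    for c in parse_controllers(SAMPLE_SHOW):
        for finding in audit(c):
            print(c["addr"], "-", finding)
```

On a real host, pass the text returned by `bluetoothctl show` to `parse_controllers` instead of the constructed sample.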