"This advisory provides mitigation details for a vulnerability that impacts Post Oak Traffic AWAM [Anonymous Wireless Address Matching] Bluetooth Reader Systems. An independent research group composed of Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman identified an insufficient entropy vulnerability in authentication key generation in Post Oak's AWAM Bluetooth Reader Traffic System. By impersonating the device, an attacker can obtain the credentials of administrative users and potentially perform a Man-in-the-Middle (MitM) attack. Post Oak has validated the vulnerability and produced an updated firmware version that mitigates the vulnerability. According to Post Oak, products are deployed in the transportation sector, mainly in the United States. This vulnerability can be exploited remotely."
Industrial Control Systems Cyber Emergency Response Team Advisory, ICSA-12-335-01
United States Computer Emergency Readiness Team: http://www.us-cert.gov/