A new Bluetooth vulnerability known as BrakTooth has been publicized, impacting the popular Espressif ESP32 IoT chip. The details of exactly how the hack works are not yet known (the research team is waiting until October to publicly release a proof-of-concept), but reportedly will allow an attacker to execute arbitrary code which can do everything — including modifying the state of GPIO pins without physical access to the device.
You can read more about the attack on HackADay, or the details from the security researchers here.