The BLE provisioning process is not secure against a monster-in-the-middle attack. This can be solved without needing the device to have a display by having a static secret key on the device (preferably, though not necessarily, in a secure element) that has the corresponding public key printed on the device (in a QR code).