The Trifinite group has come up with a new and interesting development again. They've just released an auditing tool called "The Car Whisperer".
Equipped with this software running on a Linux laptop and a suitable Bluetooth antenna, it is possible to connect to cars that have an unsecure Bluetooth hands-free unit. After this, it is possible to eavesdrop on the discussion inside the car, or use the hands-free unit to talk to whoever is in the car.
This attack is made possible by the fact that many car manufacturers use a constant Bluetooth passkey such as "0000" or "1234". Which is a bad idea.