Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.