Beacons leverage a common wireless standard that can be detected by nearly every modern smartphone. Because of this wide and wireless coverage, concerns have been raised on the security of beacons.
By default, Beacons are open and static. For example, Apple’s iBeacons constantly broadcast a single repeating payload: UUID, Major ID and Minor ID. Once deployed, anyone can detect these Beacon IDs. This gives rise to two specific risks: Beacon Spoofing & Piggybacking.
This doc is a summary of the risks and general controls available to mitigate attacks.