1. This problem can easily be fixed by having the Smartwatches use Bluetooth's Secure Simple Pairing (SSP). This can greatly improve the pairing process. Easily fixed with an update to the Smartwatch.
2. What these hackers demonstrated was that Bluetooth pairing (which is a one-time setup task) is weak if you pair with only a handful of PIN digits -during- the pairing process. However, if you perform the one-time pairing when no attacker is around, even if you used an extremely weak 1 digit PIN, then afterwards your Bluetooth link is extremely secure.
This does -not- show a fundamental weakness of Android Smartwatch technology.
That is not exactly how the hack works. It is not asking the devices to pair with the Bluetooth sniffer. The sniffer is just capturing the traffic, but the traffic seems to maybe be encrypted with a 6 digit PIN. This allows software to brute force the captured data rather quickly (minutes) until the decrypted information is displayed.
I work as a software engineer writing Bluetooth device firmware at my job, and the vulnerability in the BLE pairing protocol has been known for quite a while. If we're concerned about security, we just encrypt the data ourselves in the application before sending it over the wireless link. I'm surprised Google didn't take the same approach, or fix their Bluetooth stack implementation to support 128-bit out-of-band keying.
By the way, Apple also does not currently support Bluetooth's out-of-band keying feature, and I really wish both companies would support it sometime soon.