简体繁体中英

CoreBluetooth IOS pairing security issues

原文 2022-08-15 11:42:48 6 1 ios/ swift/ security/ bluetooth-lowenergy/ core-bluetooth

I'm trying to implement hard security connection between 2 BLE devices.

From official specification( https://www.bluetooth.com/blog/bluetooth-pairing-part-1-pairing-feature-exchange/ ) I got that I have few ways to pairing Legacy and Secure Connection, includes key exchange methods - (just works, oob, passentry and numeric comparison).

But as I understood in CoreBluetooth framework I can't manage the way to devices are connecting. The way how peripheral and central are connected is hide from me and I can't hope is security way. I found few posts: someone says - CoreBluetooth supports only just works, passentry, numeric comparison methods, but anyway we cant determine what method we are using.

Is there any ways to choice what type of connection and key exchange method I want to use in CoreBluetooth?

As example - I want to use Secure Connection with "just works" method

1 answers

As an iOS GATT client app developer, you don't have any control over the pairing or bonding process, in the current version of iOS at least.

When running iOS as central, it will initiate pairing either if the characteristic you are trying to interact with requires encryption, or the remote device sends an "SMP Security Request".

The used mechanism (legacy/secure connections, just works, passkey, numeric comparison etc.) will be based on the highest possible security that both devices support in common. iOS supports all features and thus the highest possible security (except oob/nfc pairing) so the chosen mechanism and security will therefore be based entirely on what the peripheral supports. If the peripheral that iOS connects to supports only Legacy Just Works, then that's the mechanism that will be used. If it supports LESC with Numeric Comparison, then that mechanism will be used. There is no way for the app developer to lower the security that iOS indicates it supports, to for example force Just Works if the remote device has a display or keyboard.

Unfortunately, from what I know, you don't know from the app's perspective the current security level that is actually in use though...

Xcode iOS Bluetooth pairing issues

CoreBluetooth pairing feedback / callback

iOS CoreBluetooth: Is there a way to do JustWorks pairing without showing the alert view on iOS?

iOS - CoreBluetooth

Unable to show the pairing dialog using CoreBluetooth

Pairing two BLE Devices with the same UUID (with CoreBluetooth)

CoreBluetooth state preservation issues

iOS CoreBluetooth CBPeripheral didReceiveReadRequest

iOS CoreBluetooth Notifications

iOS UUID deprecated corebluetooth

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Xcode iOS Bluetooth pairing issues CoreBluetooth pairing feedback / callback iOS CoreBluetooth: Is there a way to do JustWorks pairing without showing the alert view on iOS? iOS - CoreBluetooth Unable to show the pairing dialog using CoreBluetooth Pairing two BLE Devices with the same UUID (with CoreBluetooth) CoreBluetooth state preservation issues iOS CoreBluetooth CBPeripheral didReceiveReadRequest iOS CoreBluetooth Notifications iOS UUID deprecated corebluetooth

Related Tags

CoreBluetooth IOS pairing security issues

Question

1 answers

solution1 0 2022-08-15 16:18:16

solution1
0 2022-08-15 16:18:16