Re: Cross-app security/privacy

Subject: Re: Cross-app security/privacy
From: John Smith <email@hidden>
Date: Fri, 26 Apr 2013 17:14:21 -0700

A couple thoughts on why it could be considered non-ideal:

It's overhead. Application-level encryption is only necessary because of the fact that pairing in iOS is per-device rather than per-app. Other single-purpose Central devices designed to communicate with the same Peripheral are forced to implement the same application-level encryption where transport-level encryption would otherwise be sufficient.
There are standard profiles defined which include authorization mechanisms, but don't include application-level encryption (some of which deal with data I would consider sensitive -- e.g. medical data). As a result, the peripheral is basically forced to decide if they want to be compliant with a standard profile, or if they want to protect sensitive data from being accessed by third party apps (i.e. apps which did not perform the pairing as intended by the user) on iOS devices.

--John

On Fri, Apr 26, 2013 at 1:57 PM, William Henderson <email@hidden> wrote:

Just curious, why is application-level encryption not ideal? I'd go that route for anything that truly mattered, regardless the existance of this security issue.

--
William Henderson
Sent from my iPhone

On Friday, April 26, 2013 at 11:01 AM, John Smith wrote:

I've identified what seems to be a security/privacy issue with CoreBluetooth. Please let me know if I'm missing something, or if there's a good way around this.

Consider this scenario:

After user interaction, app A initiates a connection and (after a pairing dialog is presented) pairs/bonds with a peripheral per the Bluetooth core spec.
App A performs authorization defined by a higher-level specification, and is thus able to write/read sensitive data.

App B connects to the same (cached) CBPeripheral (no pairing dialog is presented), and is able to piggyback on the authorization that app A obtained. It is able to write/read sensitive data without the user's knowledge.

One way to protect against this would be to implement application-level encryption on all characteristics... But this would obviously not be ideal.

Ideally, CoreBluetooth could allow a pairing to be restricted to a single application. To maintain user control over this process, a dialog could be displayed to the user at pairing time (i.e. "Do you want to allow App A to create an exclusive pairing with PeripheralName?"). I haven't put a lot of thought into this solution -- there may be other problems with it, or more elegant ways to do this.

I'm hoping there's already a way to do this, or something similar that wouldn't require application-level encryption... But I haven't had any luck identifying a solution so far.

Pointers/thoughts?

Thanks,
John

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Bluetooth-dev mailing list (email@hidden)

This email sent to email@hidden

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Bluetooth-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

References:
	>Cross-app security/privacy (From: John Smith <email@hidden>)
	>Re: Cross-app security/privacy (From: William Henderson <email@hidden>)

Prev by Date: Re: Cross-app security/privacy
Next by Date: How to change max/ min interval on BTLE
Previous by thread: Re: Cross-app security/privacy
Next by thread: How to change max/ min interval on BTLE
Index(es):
- Date
- Thread