Apple

Team,

What is the default security mode used by iOS when we are connecting to a BLE device?

is it "Just work"?

Thanks and Regards,
Srikanth BH
Hyderabad
Ph: 8897362226

From: Etan Kissling [email@hidden]
Sent: 26 September 2013 04:03:49
To: Srikanth Bonthapally (WT01 - HLS)
Cc: <email@hidden>
Subject: Re: BLE security

Note that you can even recognize the iPhone after a full "Erase Data and Contents",

and even after deleting the pairing on the iPhone.

On 26.09.2013, at 11:02, Etan Kissling <email@hidden>

wrote:

No API to check, as iOS takes over the whole pairing process.

What I experienced is that iOS supports only pairing methods with MITM protection

(aka PIN code entry, as OOB data cannot be supplied through an API), when using

the CoreBluetooth permission flags.

I assume that, as Bluetooth Low Energy encryption is weak, you probably only need the

pairing to resolve the private address of the iPhone (the Bluetooth address changes every

10-20 minutes - or at least after a phone reboot). To accomplish this, you can send a

pairing request from your device with MITM protection disabled (Pair / Cancel button),

and successfully pair.

Such a pairing is sufficient to resolve the private iPhone address, but you cannot write

to CoreBluetooth characteristics that require special permissions with them.

Therefore, you will have to keep CoreBluetooth characteristics clean of permissions,

and use the SSP pairing only to recognize the iPhone for future connections.

Another issue you will notice is, that there is no API to verify whether a given central

is paired with the system :-) Have to create application-level protocols for such stuff!

Etan

On 26.09.2013, at 10:51, <email@hidden>

wrote:

Team,

Did core bluetooth supports Just works security mode(SSP). Is there any api in core blue tooth to check?

Thanks and Regards,
Srikanth BH
Hyderabad
Ph: 8897362226

Please do not print this email unless it is absolutely necessary.

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

www.wipro.com
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Bluetooth-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

References:
	>BLE security (From: email@hidden)
	>Re: BLE security (From: Etan Kissling <email@hidden>)
	>Re: BLE security (From: Etan Kissling <email@hidden>)