Beware that this post is related to an SDK in maintenance mode
More Info: Consider nRF Connect SDK for new designs

Using Just Works mode with MITM protection

Hello,

I have a product that uses Just Works pairing, as the user should walk up to the device to pair (but not bond). As this is using Just Works, the connection should be encrypted but does not protect against MITM(?).

What is common practice when a device needs to work with Just Works pairing, but still have security to stop MITM attacks? If I'm not mistaken, encryption should automatically have data signing to verify the data is authentic.

I want to know that the data is authentic and stop MITM attacks. Would the solution be to add another layer of encryption to the software (e.g. AES)?
