
Which method is recommended for BLE security?

Hi,

I am wondering which is the best method for BLE security to avoid MITM, protect the data (sniffers) and limit connections to allowed devices only, for a massive number of BLE devices, for example 500 > random and new devices.

Is Peer Manager the recommended choice for this task, or something like Application-level Security Using the ECB Peripheral?

devzone.nordicsemi.com/.../

info: NRF52 and SDK13

Regards, Marco

  • Hi Marco,

    Petter is away. I will try to help you.

    No, protection against eavesdropping doesn't help increase security against MITM. MITM is about authentication: how can you be sure the device your central is talking to is actually the device you are looking at? The scenario is that you're using your central device A to pair with a device B, but the communication is actually going to a MITM device, and that MITM device then pairs with device B separately. With Just Works, you have no way of authenticating (screen, keyboard, etc.) when pairing. You can never figure out that you are talking to the wrong guy.

    This is different from eavesdropping, where the two devices A-B are actually talking to each other, and the third guy just listens and understands what's being transmitted between A-B.

    Yes, we have this example in the SDK showcasing LESC.
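The distinction drawn in the answer above, as an added example that is not part of the original thread or of the nRF5 SDK: a toy model of pairing with and without a relay in the path, showing that encryption alone (Just Works) succeeds either way while a displayed comparison value exposes the relay. Assumptions: finite-field Diffie-Hellman stands in for P-256 ECDH, HMAC-SHA256 stands in for the AES-CMAC based check-value function, and all names, keys and nonces are constructed.

```python
import hashlib
import hmac

# Toy parameters (assumption): a small prime field instead of the P-256 curve.
P = 2**127 - 1
G = 5

def keypair(label):
    """Deterministic private/public pair so every run gives the same result."""
    priv = int.from_bytes(hashlib.sha256(label).digest(), "big") % (P - 2) + 1
    return priv, pow(G, priv, P)

def shared(priv, peer_pub):
    return pow(peer_pub, priv, P)

def confirm_value(pk_initiator, pk_responder, nonce_i, nonce_r):
    """Six-digit value each side shows the user (HMAC stand-in, assumption)."""
    msg = pk_initiator.to_bytes(16, "big") + pk_responder.to_bytes(16, "big") + nonce_r
    mac = hmac.new(nonce_i, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[-4:], "big") % 1_000_000

def pair(relay_in_path):
    a_priv, a_pub = keypair(b"central-A")
    b_priv, b_pub = keypair(b"peripheral-B")
    na, nb = b"A" * 16, b"B" * 16           # constructed nonces
    if relay_in_path:
        _, m_pub = keypair(b"relay-M")
        seen_by_a, seen_by_b = m_pub, m_pub  # each side receives the relay's key
    else:
        seen_by_a, seen_by_b = b_pub, a_pub
    key_a = shared(a_priv, seen_by_a)
    key_b = shared(b_priv, seen_by_b)
    # Just Works ends here: both sides derive a key and encrypt, and nothing
    # tells them whether that key is shared with the intended peer.
    # An authenticated method binds a user-visible value to the keys each saw.
    return {
        "same_key": key_a == key_b,
        "digits_a": confirm_value(a_pub, seen_by_a, na, nb),
        "digits_b": confirm_value(seen_by_b, b_pub, na, nb),
    }

if __name__ == "__main__":
    for relay in (False, True):
        r = pair(relay)
        verdict = "accept" if r["digits_a"] == r["digits_b"] else "reject: values differ"
        print(f"relay={relay} same_key={r['same_key']} "
              f"A shows {r['digits_a']:06d}, B shows {r['digits_b']:06d} -> {verdict}")
```
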
