Hi, I'm developing an app for Android and iOS that needs to communicate with devices based on nRF51422 with S110 v7 loaded.
We want to encrypt all communication and establish a bond only between the app and our devices.
The device hasn't a keyboard or a screen.
I saw that there are a lot of solutions:
- whitelisting
- static pin
- oob mechanism
I am a little in trouble because whitelisting is bypassable using MAC spoofing and it is fixed, while a static PIN is exploitable by a brute force attack.
The OOB mechanism seems the best one but there is no support from either Android or iOS. Please correct me if I'm wrong.
I'm thinking of implementing a challenge-response algorithm reading/writing to a GATT characteristic, but with the SoftDevice I have no access to the AES engine. So I feel I am in a no-go situation.
Probably, I'm sure, there is a simpler solution than those I thought of and just wrote to you. Let me know your opinion.
To be clear, I only need to establish communication between my devices and my app in an encrypted way using a key hardcoded in the device.
Thank you in advance! Emiliano
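
The challenge-response idea from the question, sketched as an added example that is not part of the original post. It models the two GATT characteristics as plain methods and uses HMAC-SHA256 in place of an AES-based MAC; the names `Device`, `read_challenge`, `write_response`, `app_response` and the demo key are all hypothetical.

```python
import hashlib
import hmac
import os

# Constructed demo key; a real product would provision a secret per device.
DEVICE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


class Device:
    """Peripheral side: one readable and one writable characteristic."""
    MAX_FAILURES = 3  # assumed lockout threshold against online guessing

    def __init__(self, key):
        self._key = key
        self._challenge = None
        self._failures = 0
        self.authenticated = False

    def read_challenge(self):
        # Fresh random nonce per attempt, so a sniffed response cannot be replayed.
        self._challenge = os.urandom(16)
        return self._challenge

    def write_response(self, response):
        if self._failures >= self.MAX_FAILURES or self._challenge is None:
            return False
        expected = hmac.new(self._key, self._challenge, hashlib.sha256).digest()
        self._challenge = None  # each challenge is valid for one attempt only
        if hmac.compare_digest(expected, response):  # constant-time compare
            self.authenticated = True
            self._failures = 0
            return True
        self._failures += 1
        return False


def app_response(key, challenge):
    """Central (phone app) side: prove knowledge of the shared key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def run_demo():
    dev = Device(DEVICE_KEY)
    first = app_response(DEVICE_KEY, dev.read_challenge())
    results = {"valid": dev.write_response(first)}
    dev.read_challenge()                      # device issues a new nonce
    results["replayed"] = dev.write_response(first)
    guess = app_response(bytes(16), dev.read_challenge())
    results["wrong_key"] = dev.write_response(guess)
    return results
```

This only authenticates the app to the device; it does not encrypt the link, which still comes from BLE pairing and bonding.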