
Does a static passkey provide MITM protection after BLE 4.2?

BLUETOOTH SPECIFICATION Version 5.0 | Vol 3, Part H page 2321 Figure 2.4

According to the figure, if an eavesdropping device is present during the pairing process, it can easily obtain Cai, Nai, PKa and PKb. It should then not be difficult to obtain rai, and thus ra, that is, the passkey.

Is it impossible to provide MITM protection if I use a static passkey? Or am I misunderstanding something?

  • Hi,

    You will be able to get "MITM protection" when using a static passkey; it's just that it isn't totally secure from MITM attacks. There is a relatively low probability of success.

  • Sorry, what I meant was that there is a low probability of guessing the passkey, so for a brute-force guesser it will take some time to connect to a device. For eavesdroppers, who can sniff the static passkey pairing transmission between two devices, it won't be difficult to get hold of the passkey. So, like you said, once the static passkey is known it won't be secure at all.

    A static passkey will only help you avoid users connecting to the wrong device in a multi-device environment. If you need protection against MITM attacks, you should use a random passkey with a display.
