
How do I prevent an iPhone from bonding?

Currently, in my application, any iPhone can attempt to read from one of my protected characteristics and initiate the bonding sequence. I have it set to "just works" mode (no PIN or out-of-band pairing). Where can I put an if statement that lets me restrict the bonding to only when a button is pressed? The context is that I have random private addresses turned on, and if any iPhone can bond, then there's no point in the random private addresses.

  • Hi Andrew, 

    Have you considered using a whitelist? You can limit the connection of other phones to only the phones you have bonded with.

    If a whitelist is not an option (you still want to allow connections from any phone), you can think of dynamically configuring peermanager to enable and disable pairing. To disable pairing, you can simply call pm_sec_params_set() with a NULL parameter, and call it again with the correct parameters to enable pairing/bonding.

    If you don't use peermanager, then you have full control: just choose what to reply when you receive the BLE_GAP_EVT_SEC_PARAMS_REQUEST event.

  • A whitelist is an option, but it seems like overengineering because I would need a way to approve what goes on the whitelist. At that point, I'm at square 1. I just want devices to be able to bond when a button is pressed. 

    I DO use the peer manager. I tried using pm_sec_params_set(NULL) but that made my device time out during interrogation.

    Isn't it better to reinitialize the peer manager with sec_param.bond = 0 or sec_param.bond = 1? EDIT: when I tried setting sec_param.bond = 0, I got a Fatal error: "Invalid parameter"

        ble_gap_sec_params_t sec_param;
        ret_code_t           err_code;
    
        err_code = pm_init();
        APP_ERROR_CHECK(err_code);
    
        memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));
    
        // Security parameters to be used for all security procedures.
        sec_param.bond           = SEC_PARAM_BOND;
        sec_param.mitm           = SEC_PARAM_MITM;
        sec_param.lesc           = SEC_PARAM_LESC;
        sec_param.keypress       = SEC_PARAM_KEYPRESS;
        sec_param.io_caps        = SEC_PARAM_IO_CAPABILITIES;
        sec_param.oob            = SEC_PARAM_OOB;
        sec_param.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
        sec_param.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
        sec_param.kdist_own.enc  = 1;
        sec_param.kdist_own.id   = 1;
        sec_param.kdist_peer.enc = 1;
        sec_param.kdist_peer.id  = 1;
    
        err_code = pm_sec_params_set(&sec_param);
        APP_ERROR_CHECK(err_code);
    

  • Hi Andrew, 

    I would need to know more about what you mentioned, "my device timeout during interrogation". What exactly happened? Which app did you use? Could you try using nRFConnect? Could you check if the nRF52 crashes at some point?

    The sec_param.bond configuration is only used to enable/disable bonding, not pairing. This means the phone can still pair (encrypt the link) but doesn't store bond information. The device can still read characteristics that require encryption.
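
Added example, not part of the thread and not Nordic's code: a button-armed pairing gate that decides the status to answer a pairing request with, for firmware that handles BLE_GAP_EVT_SEC_PARAMS_REQUEST itself and passes the result to sd_ble_gap_sec_params_reply(). Because clearing sec_param.bond does not stop pairing, the gate rejects the pairing request outright. The names pairing_gate_*, the 30-second window and the one-peer-per-press policy are assumptions; the two status values mirror BLE_GAP_SEC_STATUS_SUCCESS and BLE_GAP_SEC_STATUS_PAIRING_NOT_SUPP.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Local copies of the SoftDevice BLE_GAP_SEC_STATUS_* values (ble_gap.h). */
#define SEC_STATUS_SUCCESS          0x00u
#define SEC_STATUS_PAIRING_NOT_SUPP 0x85u

#define PAIRING_WINDOW_MS 30000u /* assumed: window length after a press */

typedef struct {
    bool     armed;     /* set by the button, cleared on use or expiry */
    uint32_t opened_at; /* millisecond tick of the button press */
} pairing_gate_t;

/* Call from the button handler. */
void pairing_gate_open(pairing_gate_t *g, uint32_t now_ms)
{
    g->armed = true;
    g->opened_at = now_ms;
}

/* Call when a peer asks to pair; returns the status to reply with.
 * Unsigned subtraction keeps the age check correct when the tick
 * counter wraps around. */
uint8_t pairing_gate_on_request(pairing_gate_t *g, uint32_t now_ms)
{
    bool fresh = g->armed &&
                 (uint32_t)(now_ms - g->opened_at) < PAIRING_WINDOW_MS;
    g->armed = false; /* one press admits at most one peer */
    return fresh ? SEC_STATUS_SUCCESS : SEC_STATUS_PAIRING_NOT_SUPP;
}

int main(void)
{
    /* Constructed sequence: request, press, request, request. */
    pairing_gate_t g = {0};
    printf("no press:     0x%02X\n", (unsigned)pairing_gate_on_request(&g, 1000u));
    pairing_gate_open(&g, 2000u);
    printf("after press:  0x%02X\n", (unsigned)pairing_gate_on_request(&g, 5000u));
    printf("second peer:  0x%02X\n", (unsigned)pairing_gate_on_request(&g, 5001u));
    return 0;
}
```

Links to peers that are already bonded re-encrypt with their stored keys and do not go through this request path, so the gate only affects new pairings.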
