How do I prevent an iPhone from bonding?

Currently, in my application, any iPhone can attempt to read from one of my protected characteristics and initiate the bonding sequence. I have it set to "just works" mode (no PIN or out-of-band pairing). Where can I put an if statement that lets me restrict the bonding to only when a button is pressed? The context is that I have random private addresses turned on, and if any iPhone can bond, then there's no point in the random private addresses.

  • Hi Andrew, 

    Have you considered using a whitelist? You can limit connections to only the phones you have bonded with.

    If a whitelist is not an option (you still want to allow connections from any phone), you can think of dynamically configuring the Peer Manager to enable and disable pairing. To disable pairing, you can simply call pm_sec_params_set() with a NULL parameter, and call it again with the correct parameters to enable pairing/bonding.

    If you don't use the Peer Manager, then you have full control: just choose what to reply when you receive the BLE_GAP_EVT_SEC_PARAMS_REQUEST event.

  • I did as you suggested in the form of this function and it seems to work well. 

    #include <stdbool.h>
    #include <string.h>        // memset
    #include "app_error.h"     // APP_ERROR_CHECK
    #include "peer_manager.h"  // pm_sec_params_set

    // Enable or disable pairing/bonding at runtime through the Peer Manager.
    static void turn_bonding_on_off(bool on){
        ret_code_t err_code;

        if(on){
            ble_gap_sec_params_t sec_param;

            memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

            // Security parameters to be used for all security procedures.
            sec_param.bond           = SEC_PARAM_BOND;
            sec_param.mitm           = SEC_PARAM_MITM;
            sec_param.lesc           = SEC_PARAM_LESC;
            sec_param.keypress       = SEC_PARAM_KEYPRESS;
            sec_param.io_caps        = SEC_PARAM_IO_CAPABILITIES;
            sec_param.oob            = SEC_PARAM_OOB;
            sec_param.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
            sec_param.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
            sec_param.kdist_own.enc  = 1;
            sec_param.kdist_own.id   = 1;
            sec_param.kdist_peer.enc = 1;
            sec_param.kdist_peer.id  = 1;

            err_code = pm_sec_params_set(&sec_param);
        } else {
            /* Disallow bonding */
            err_code = pm_sec_params_set(NULL);
        }
        // Check the result on both paths so a failed disable is not silently ignored.
        APP_ERROR_CHECK(err_code);
    }
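
One way to structure the button gate asked about in the question, as an added example that is not code from this thread or from the nRF5 SDK: the press opens a bonding window that closes on a timeout or after the first completed bond. All names, the 30-second window and the millisecond tick source are assumptions; the comments mark where firmware would call `turn_bonding_on_off()` from the reply above.

```c
/* Added example: all names below are hypothetical, none are nRF5 SDK APIs. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAIRING_WINDOW_MS 30000u /* assumed window length */

typedef enum { REQ_NEW_PAIRING, REQ_ENCRYPT_STORED_KEYS } sec_req_t;

typedef struct {
    bool     open;      /* true while new bonds are permitted */
    uint32_t opened_at; /* millisecond tick of the button press */
} pairing_window_t;

/* Button handler. Firmware would call turn_bonding_on_off(true) here. */
void window_open(pairing_window_t *w, uint32_t now_ms) {
    w->open = true;
    w->opened_at = now_ms;
}

/* Firmware would call turn_bonding_on_off(false) here. */
void window_close(pairing_window_t *w) { w->open = false; }

/* Expire the window. Unsigned subtraction stays correct when the
 * 32-bit tick counter wraps between the press and the check. */
bool window_is_open(pairing_window_t *w, uint32_t now_ms) {
    if (w->open && (uint32_t)(now_ms - w->opened_at) >= PAIRING_WINDOW_MS)
        window_close(w);
    return w->open;
}

/* Decide how to answer a peer. Encrypting with keys from an existing
 * bond creates no new bond, so only new pairing is gated. */
bool request_allowed(pairing_window_t *w, sec_req_t req, uint32_t now_ms) {
    if (req == REQ_ENCRYPT_STORED_KEYS) return true;
    return window_is_open(w, now_ms);
}

/* Bond stored: close at once so one press admits one peer. */
void on_bond_complete(pairing_window_t *w) { window_close(w); }

int main(void) {
    pairing_window_t w = { false, 0 };
    printf("before press: %d\n", request_allowed(&w, REQ_NEW_PAIRING, 1000));
    window_open(&w, 0xFFFFFF00u); /* constructed tick just before wraparound */
    printf("in window: %d\n", request_allowed(&w, REQ_NEW_PAIRING, 0x100u));
    on_bond_complete(&w);
    printf("second phone: %d\n", request_allowed(&w, REQ_NEW_PAIRING, 0x200u));
    return 0;
}
```
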
