NRF51 + S110: Block bonding, allow access to some services

RE: NRF51 + S110: Block bonding, allow access to some services

Mathew Juzwiak — Wed, 19 Nov 2014 19:54:36 GMT

Now I know, it's impossible to block ONLY bonding new devices, and my fix does not contain any terrible bug (ie, bypass it simply). We'll consider Your proposed options and security issues. Thank You for answer.

RE: NRF51 + S110: Block bonding, allow access to some services

Petter Myhre — Wed, 19 Nov 2014 15:14:33 GMT

Is your device on when it is bought? Is it a concern that an attacker can bond with the device before the user can?

RE: NRF51 + S110: Block bonding, allow access to some services

Petter Myhre — Wed, 19 Nov 2014 15:13:36 GMT

I can't see why your quick fix shouldn't work, but it depends on your application.

As you have understood you can’t use whitelisting which means that anyone can connect to your device, blocking you from connecting to it. The attacker will only be disconnected when he tries to pair, but he can always reconnect.

This could for example be solved by using whitelisting in general, but not the first 60 seconds after a reset. In the first 60 seconds you can connect and insert your secret code.

Another option is to disconnect devices that don’t try to pair, after a certain time period.

I'm assuming that you have thought of this, but please ensure that your device is protected from brute force attacks.

RE: NRF51 + S110: Block bonding, allow access to some services

Mathew Juzwiak — Tue, 18 Nov 2014 15:02:02 GMT

Power off and on device? Access to device might be hard, but we can assume that yes, he can. Edit. But device can be also reseted by non-authorized person, and must be protected against it.

RE: NRF51 + S110: Block bonding, allow access to some services

Petter Myhre — Tue, 18 Nov 2014 14:56:16 GMT

Can the user reset the device?