
NFC pairing NFC_PAIRING_MODE_OOB

Hi,

I have a question regarding NFC OOB pairing (SDK version 15.2):

I am using "nfc_ble_pair_init" with PAIRING_MODE_OOB. This works when I touch NFC with my mobile. I am asked if I would like to pair with the device, and if I accept I get an encrypted connection (at least I get a BLE_GAP_EVT_AUTH_STATUS event).

But when I use nRF Connect with an nrf52840-Dongle and try to connect with the device while the message is on the mobile display, this also works. So I am able to connect to the device from another source without the OOB data. As I am not getting the BLE_GAP_EVT_AUTH_STATUS event, I assume that the connection is not encrypted, but I would like to prevent the connection from being made at all.

Am I missing something about the concept of NFC OOB pairing here?

Thanks,

Andreas

  • Hi,

    NFC is used to exchange the OOB key. By default it does not create a whitelist for advertising, so if you advertise in connectable mode, all central devices can connect. Possible solutions would be to advertise in non-connectable mode (or not advertise at all) until NFC is present, then start advertising in connectable mode. After you have bonded to a device you can use a whitelist when advertising to stop other centrals from connecting, but remember that it's trivial for an attacker to copy the address, so the whitelist cannot be used for authentication, only to limit connections.

  • Sorry, but I have to ask again:

    Imagine the device is not advertising until NFC is touched.
    When NFC is touched, the OOB key is transferred over NFC and advertising is enabled in connectable mode (which I assume "nfc_ble_pair_init" from nfc_ble_pair_lib does).
    In this state the mobile shows the message "do you want to pair with device X". When the user takes a few seconds to decide if he wants to pair, another device could connect without having the OOB key?

    Then the connection would not be encrypted, but without a whitelist it is possible for everyone to connect until the mobile makes the connection and advertising is disabled automatically?

    Did I understand that correctly?

    Thanks.
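
The advertising policy from the answer and the pairing window from the follow-up question, modelled in plain C as an added example (not code from the thread or from the nRF5 SDK). Every type and function name is hypothetical, the addresses are constructed, and the rule that protected data is served only on an encrypted link is an assumption of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* All names are hypothetical: this is a model, not nRF5 SDK code. */
typedef enum { ADV_OFF, ADV_OPEN, ADV_WHITELIST } adv_mode_t;
typedef enum { LINK_NONE, LINK_PLAIN, LINK_ENCRYPTED } link_t;

typedef struct {
    bool    nfc_touched;    /* NFC field seen, OOB key handed out */
    bool    bonded;         /* a bond exists */
    uint8_t bonded_addr[6]; /* address stored with the bond */
} periph_t;

typedef struct {
    uint8_t addr[6];  /* address the central presents (can be copied) */
    bool    has_key;  /* holds the OOB key or the bond key */
} central_t;

/* Policy from the answer: no connectable advertising until NFC is
 * touched, whitelist advertising once bonded. */
adv_mode_t adv_policy(const periph_t *p)
{
    if (p->bonded) return ADV_WHITELIST;
    return p->nfc_touched ? ADV_OPEN : ADV_OFF;
}

/* Link state after a connection attempt. The whitelist filters by
 * address only; encryption depends on the key alone. */
link_t connect_attempt(const periph_t *p, const central_t *c)
{
    adv_mode_t mode = adv_policy(p);
    if (mode == ADV_OFF) return LINK_NONE;
    if (mode == ADV_WHITELIST && memcmp(p->bonded_addr, c->addr, 6) != 0)
        return LINK_NONE;
    return c->has_key ? LINK_ENCRYPTED : LINK_PLAIN;
}

/* Assumed application rule: protected data only on encrypted links. */
bool may_access(link_t l) { return l == LINK_ENCRYPTED; }

int main(void)
{
    periph_t  p      = { .nfc_touched = true };         /* pairing window */
    central_t dongle = { .addr = {1, 2, 3, 4, 5, 6} };  /* constructed, no key */
    /* Exit 0: the dongle connects, but the link is plain and gets no access. */
    return !(connect_attempt(&p, &dongle) == LINK_PLAIN && !may_access(LINK_PLAIN));
}
```

In the model, neither the open pairing window nor a copied whitelisted address ever yields `LINK_ENCRYPTED` without the key, so the access check is what separates the paired phone from any other central.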
