• State Verified Answer
  • Replies 1 reply
  • Subscribers 67 subscribers
  • Views 584 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 231614
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Reject example LTK used by other side

Jefferson

I saw this BLE security issue and was wondering how Nordic deals with it.  When the other side uses the example LTK from the BLE spec, can the softdevice automatically reject it or do I need to do something in my app to reject it?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2102

  • +1

    Hi,

    The SoftDevice does not reject this LTK automatically. You can handle this in your application, which gets all pairing/bonding data from the SoftDevice (needed since the application is responsible for storing all bonding data (including the LTK)).

    But I wonder why you want to do this? It makes sense for Windows (and other PC and mobile operating systems) to block this LTK, as it has been used in a number of BLE devices. However, unless your device will be used together with any such device, it is not a practical issue. If for instance, you are making a peripheral for PC's or mobile devices, then I do not see any reason for considering this.

Related