https://devzone.nordicsemi.com/f/nordic-q-a/49098/reject-example-ltk-used-by-other-sideI saw this BLE security issue and was wondering how Nordic deals with it. When the other side uses the example LTK from the BLE spec, can the softdevice automatically reject it or do I need to do something in my app to reject it? https://cve.mitre.orgen-USTelligent Community 13Fri, 28 Jun 2019 07:06:33 GMThttps://devzone.nordicsemi.com/thread/195264?ContentTypeID=1Fri, 28 Jun 2019 07:06:33 GMT137ad170-7792-4731-bb38-c0d22fbe4515:2d668dfd-7a29-48d8-8d82-fd722f3c8149Einar Thorsrud<p>Hi,</p> <p>The SoftDevice does not reject this LTK automatically. You can handle this in your application, which gets all pairing/bonding data from the SoftDevice (needed since the application is responsible for storing all bonding data (including the LTK)).</p> <p>But I wonder why you want to do this? It makes sense for Windows (and other PC and mobile operating systems) to block this LTK, as it has been used in a number of BLE devices. However, unless your device will be used together with any such device, it is not a practical issue. If for instance, you are making a peripheral for PC&#39;s or mobile devices, then I do not see any reason for considering this.</p><div style="clear:both;"></div>