
Force BLE connection & pairing inside my own mobile app

Hi, I am wondering if there is a way to reject Bluetooth pairing with a Nordic peripheral outside of my own mobile application. For example, Fitbit devices will reject connecting to a phone if the user tries to pair the Fitbit device from the phone's Bluetooth settings (https://community.fitbit.com/t5/One/Fitbit-One-rejects-connecting-with-my-Bluetooth/td-p/2087043). The user can only use the Fitbit app to successfully pair with the Fitbit device.

There are options for whitelisting and scanning & filtering by addresses, UUIDs, and other identifiers but it seems like all of these can be spoofed. Is it possible for the Nordic peripheral to only connect and pair to devices that present a unique token the Nordic peripheral recognizes? All other devices/apps that do not present the token would be rejected such as in the Fitbit example. I am also wondering if Nordic has any other similar implementations or examples that achieve this goal. 

I know using LESC and a random passkey increases the pairing security, but I don't think having a passkey stops other devices/apps from trying to connect and pair with the Nordic peripheral. In addition to security reasons, rejecting connection and pairing through the phone's Bluetooth settings and other apps can be useful to ensure the user successfully registers and syncs the Nordic peripheral to our app.

  • Hello,

    There are options for whitelisting and scanning & filtering by addresses, UUIDs, and other identifiers but it seems like all of these can be spoofed.

    I would not be surprised if the Fitbit pairing can be spoofed as well. Basically, you mention all the methods that prevent your device from pairing with the "wrong" devices, passkeys probably being the most commonly used. This can be implemented in your app (so that it will automatically fetch and send the passkey for you), but there is nothing stopping any other app from sending the same passkey. I bet that the Fitbit app checks the serial number of the device, fetches the passkey from the cloud and then sends it, allowing only the app to connect to it. If you sniff the connection being established (for the first time, since it probably uses bonding), you would probably be able to sniff up something, unless they use LESC on top of that. That being said, I have not tested the Fitbit pairing. I don't know how they restrict it to be used with the app. It is only speculation.

    So basically, you can refuse a connection if the connecting device doesn't have the right keys. It is also possible to do some "security by obscurity", but that will only work until someone figures out how you secure it.

    So the only option I can think of is to use some Out of Band pairing keys which you need to store in a database in the cloud, which only your app can access. Then your app needs to fetch the advertising name, or some serial number that differs between each device, to request that specific key to pair with your device. You can, of course, use the same key for every device, but again, if someone figures out that key and it leaks, then anyone can connect to it.

    Best regards,

    Edvin

  • Hi Edvin,

    What about ensuring the Nordic peripheral only connects to my own app? Like you mentioned, if another app has the same passkey as my own app, then the other app can connect to the Nordic peripheral. Does the SoftDevice support any method to make sure the Nordic device can only connect to my app, in addition to pairing with a passkey?

    For example the Nordic peripheral would first check a unique token from my app before successful connection and then check for a correct passkey before pairing. 

  • The easy answer is that this is not possible. A peripheral connects to a phone, and not to an app. The SoftDevice doesn't have any method to ensure this.

    But as I tried to say, you can try to do some tricks with the key handling, so that it would be more difficult, but it is not possible to restrict the use only with one app.

    Let us say that your peripheral requires the phone to send a certain message every 5 seconds, or else it will disconnect. Let us say that your app does this, so when you use another app, it will disconnect. But if someone sniffs this connection and sees what's going on, it will be possible to replicate it in their own app.
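The two ideas in Edvin's replies (a per-device key that only the vendor app can fetch from the cloud, and a periodic message the peripheral insists on, disconnecting otherwise) combine into one application-layer check. The model below is an added example, not code from the thread and not SoftDevice API code: it simulates both sides of the exchange in Python so the behaviour can be exercised offline. The master key, serial number and the cloud lookup are constructed stand-ins. Compared with the plain "same message every 5 seconds" scheme, the peripheral issues a random nonce on every connection and the app answers with an HMAC over it, so the response sniffed from one session cannot be replayed into the next; the keepalives carry a counter under a session key derived from that nonce for the same reason.

```python
import hashlib
import hmac
import secrets

# Constructed example values, not from the thread: a vendor master key that lives only
# in the vendor's cloud, and one device's serial number (which the peripheral advertises).
MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
DEVICE_SERIAL = b"NRF-000123"
KEEPALIVE_INTERVAL = 5.0  # seconds; the "message every 5 seconds" from the reply


def derive_device_key(master_key: bytes, serial: bytes) -> bytes:
    """Per-device key: provisioned into the peripheral at manufacture and recomputed by the
    cloud on request, so one leaked device key does not expose the other devices."""
    return hmac.new(master_key, serial, hashlib.sha256).digest()


def tag(key: bytes, label: bytes, data: bytes) -> bytes:
    """Domain-separated HMAC-SHA256; the label keeps auth, session and keepalive tags apart."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


class Peripheral:
    """Application-layer state the firmware would keep for the current connection."""

    def __init__(self, serial: bytes, device_key: bytes):
        self.serial, self.device_key = serial, device_key
        self.connected = self.authenticated = False
        self.nonce = self.session_key = None
        self.counter, self.last_seen = 0, 0.0

    def connect(self, now: float) -> bytes:
        """Link is up: hand the central a fresh challenge; nothing else is served yet."""
        self.connected, self.authenticated = True, False
        self.counter, self.last_seen = 0, now
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def disconnect(self) -> None:
        self.connected = self.authenticated = False
        self.nonce = self.session_key = None

    def authenticate(self, response: bytes, now: float) -> bool:
        expected = tag(self.device_key, b"auth", self.nonce or b"")
        if not self.connected or not hmac.compare_digest(expected, response):
            self.disconnect()
            return False
        # Session key bound to this nonce, so tags captured now are useless in a later session.
        self.session_key = tag(self.device_key, b"session", self.nonce)
        self.authenticated, self.last_seen = True, now
        return True

    def keepalive(self, counter: int, mac: bytes, now: float) -> bool:
        if not self.authenticated or counter <= self.counter:   # unauthenticated or replayed
            self.disconnect()
            return False
        expected = tag(self.session_key, b"keepalive", counter.to_bytes(4, "big"))
        if not hmac.compare_digest(expected, mac):
            self.disconnect()
            return False
        self.counter, self.last_seen = counter, now
        return True

    def tick(self, now: float) -> bool:
        """Timer callback: drop the link if the central went quiet or never authenticated."""
        if self.connected and now - self.last_seen > KEEPALIVE_INTERVAL:
            self.disconnect()
        return self.connected


def cloud_lookup(serial: bytes) -> bytes:
    """Stand-in for the vendor cloud, which alone holds the master key; in practice this
    call is gated by the app's own login, which is not modelled here."""
    return derive_device_key(MASTER_KEY, serial)


class App:
    """The vendor app: the only party that can obtain a device key from the cloud."""

    def __init__(self, lookup):
        self.lookup, self.session_key, self.counter = lookup, None, 0

    def pair(self, dev: Peripheral, now: float) -> bool:
        key = self.lookup(dev.serial)
        nonce = dev.connect(now)
        self.session_key, self.counter = tag(key, b"session", nonce), 0
        return dev.authenticate(tag(key, b"auth", nonce), now)

    def send_keepalive(self, dev: Peripheral, now: float) -> bool:
        self.counter += 1
        mac = tag(self.session_key, b"keepalive", self.counter.to_bytes(4, "big"))
        return dev.keepalive(self.counter, mac, now)


def new_device() -> Peripheral:
    return Peripheral(DEVICE_SERIAL, derive_device_key(MASTER_KEY, DEVICE_SERIAL))


def genuine_app_stays_connected() -> bool:
    dev, app = new_device(), App(cloud_lookup)
    ok = app.pair(dev, 0.0)
    for t in (3.0, 6.0, 9.0):            # keepalives inside the 5 s window
        ok = ok and app.send_keepalive(dev, t)
    return ok and dev.tick(10.0)


def other_app_is_rejected() -> bool:
    """An app without cloud access: replaying a sniffed response, or guessing the key."""
    dev = new_device()
    sniffed = tag(cloud_lookup(DEVICE_SERIAL), b"auth", dev.connect(0.0))  # captured earlier
    dev.disconnect()
    dev.connect(1.0)                     # new nonce: the captured response no longer matches
    replay_rejected = not dev.authenticate(sniffed, 1.0)
    dev.connect(2.0)
    guess_rejected = not dev.authenticate(tag(b"guess", b"auth", dev.nonce), 2.0)
    return replay_rejected and guess_rejected and not dev.connected


def silent_app_is_dropped() -> bool:
    dev, app = new_device(), App(cloud_lookup)
    app.pair(dev, 0.0)
    alive = dev.tick(4.0)                # still inside the window
    return alive and not dev.tick(5.5)   # no keepalive arrived: peripheral disconnects


if __name__ == "__main__":
    print(genuine_app_stays_connected(), other_app_is_rejected(), silent_app_is_dropped())
```

This raises the bar in exactly the way the reply describes and no further: a sniffer no longer gets a reusable response, but anyone who extracts the device key from the app, from the cloud API, or from the peripheral's flash can still build an app that passes the check, so the key must not be a single shared constant and the app's cloud credentials need protecting in their own right.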
