• State Not Answered
  • Replies 7 replies
  • Subscribers 67 subscribers
  • Views 3767 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 105203
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

What I miss in the device manager

Marcel Mulder

Hi,

I have used several Bluetooth Low Energy solutions and I looked into several examples and something is missing. What I miss is to prevent pairing. It is something quite obvious. At least from my point of view. You don't want you neighbor to be able to pair with your device.

Most examples I see is that you activate (turn on) the device and you can pair with your phone. Some devices are limited to pair only with one device so you have your security settled now. But what if it can pair with more than one device? When it is turned on other people can pair as long as it is not connected.

What I want is to confirm the pairing or to initiate the pairing from my device. My device only has one button. I have looked into static pin pairing but as the iPhone has a display it will pop-up with a random pin code which I can't type because I have only one button. As far as I know it is not possible in iOS the say that it has only keyboard capabilities. So I end up with a device having no capabilities and therefore only supports it "just works". But this is a security issue in my opinion. I want to be in control to who or what my devices pairs to.

The nicest solution would be to initiate the pairing and than confirm it on my device with the button. This is however, a scenario they did not thought of when writing the Bluetooth Low Energy specification. There is no defined (or unlimited) timeout between initiate pairing and confirming. So between SMP Pairing Request and SMP Pairing Response. Because of the user interaction the timeout here should be quite large.

The other scenario (and I have used this one on anther device) is to press the button so it can be paired for e.g. 30 seconds. If the button is not pressed only devices which have bond information are allowed to connect. All other devices are disconnected immediately. The drawback here is that if you have multiple devices it is hard to choose the correct device on your smart phone.

Anyway, the device manager has no hooks or events I can use to prevent the device manager from pairing and directly disconnect when not in pairing mode and no bonding information is found.

Now finally my question. Does somebody else thought about this or am I the only one. Are there other possibilities I overlooked? Please let me know.

Best Regards, Marcel

  • 0 in reply to Hung Bui

    It works, but I now have a limitation of 8 devices using IRK. Maybe I have to change the device manager anyway. We will see. And there is another disadvantage. I am not able to start a BLE_GAP_ADV_FP_FILTER_CONNREQ advertisement with an empty whitelist. This is somehow logical but it means that when the device is first used anybody can pair. Unless I do no advertising at all and only advertise then when the button is pushed. Or is there something I overlook?

  • 0 in reply to Hung Bui

    Hi Marcel,

    8 IRK is the limit of the hardware block on the nRF51, please see section 4.6 in the Product Spec. So in total there are 8 public addresses and 8 IRK supported by the hardware (the current implementation in firmware may limit you to 8 total for both).

    BLE_GAP_ADV_FP_FILTER_CONNREQ with an empty whitelist means no one can connect, therefore it as you said doesn't make sense. The first time when whitelist is empty , any one should be able to connect and pair. If you want to avoid being connected by unwanted device, you can use RSSI as a filter. Or the best is to use a Faraday cage (e.g microwave oven ) when pairing to avoid eavesdropping if you don't have OOB for pairing.

    If you only want to advertise, and allow no-one to connect, you can advertise with BLE_GAP_ADV_TYPE_ADV_NONCONN_IND type.

    Btw, if you have different question, please create a new case.

Related