
Pairing passkey: cancelling pairing on the Android side still gives access to characteristics

Hi,

I'm working on the nRF52833 with S113.

I'm having trouble securing my system. It has no keyboard or screen, so it uses a 6-digit fixed passkey (no other choice).

That means it advertises once it is woken up by the accelerometer.

I want to protect access to my 4 characteristics. So I enable bonding and MITM to get the passkey popup on Android. Without MITM, I don't get the passkey popup. But then the strange stuff appears:

My program is based on the HRS example merged with DFU.

I was thinking that, by using pairing protection with a 6-digit fixed passkey (no other choice because there is no IO), I would not be able to read/write my characteristics. But with nRF Connect, if you are fast enough, when the bonding window pops up and you click cancel and then very quickly click on the row to read a characteristic, the connection is maintained and you have access to everything, without being securely paired!!! Note that here my characteristics are OPEN. I just rely on the fact that the passkey will prevent going to the next step...

I know I can protect each characteristic by using BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM, which I did.

But a side effect appears: after the first pairing on the phone by entering the 6-digit passkey, the same window pops up FOR EACH characteristic you read (only the first time)... so it is a bit annoying, because you have the feeling of having paired at the connection step, but in fact it has absolutely no impact on security.

If you click cancel you are still connected, and if you are fast enough you can even have access to everything. If you paired successfully, you have to enter this same passkey for each characteristic you have protected, which gives a strange effect to the end user: he has the feeling that the first pairing didn't work.

What I need is: first, ask for pairing after connecting. If yes and the 6 digits are OK, don't ask the user to enter the passkey again. If no or cancel, close the connection or retry, but don't give access. Only paired devices should have access.

Hope I have been clear :)

  • Thanks Amanda,

    I have another issue: when I connect and disconnect very fast, the nRF52 connects, starts running timers etc., but doesn't detect the disconnection. So my system runs and consumes power while nobody is connected anymore. The bad thing is that there is no possibility at the moment to detect it.

    Is there a way to detect a disconnection even if BLE_EVT_DISCONNECT has not been set? I was thinking of using a timer that I reload after each characteristic read, and if it times out I force a disconnection.

    I have seen a timer in the GLS example: PM_HANDLER_SEC_DELAY_MS

    But it doesn't seem to handle this missed disconnection detection.

  • I think the only way to find the cause is with an on-air sniffer log. I suspect the case here may be that the phone is actually still in a connection, or at least the phone thinks it is in a connection, since it may be waiting for an ack on the previous terminate link packet. If the ack is lost, then the phone will need to wait for a supervision timeout before the next link can be established. The peer device will only send one ack when receiving the terminate link packet before disconnecting; this is according to the BLE spec.

    -Amanda H.

  • Yes, I was able to reproduce the problem (it is quite easy, unfortunately...) and here is the log. We see that there is no packet exchange anymore once I break the link by exiting my screen in my app.

    #define NRF_BLE_CONN_PARAMS_MAX_SUPERVISION_TIMEOUT_DEVIATION 65535

    What should happen after 65353 ms (almost 11 minutes?), because I let it run in this bad disconnection state and nothing happens.

    Thank you!

    links keep connected on uC but not in android connect lign20866.pcapng

    I can also see in my nRF console, after breaking the link, that BLE_GAP_EVT_CONN_PARAM_UPDATE occurs, one time.

  • Hi Florian,

    As I know from other cases, if you connect and disconnect very fast, the app might not send out the disconnection command as expected. From your sniffer log, the phone is actually still in a connection. If the app sends a disconnection command, you should see the opcode in the log as

      

    -Amanda H.

  • Hm, so it is "normal". But it is impossible to let the system run this way, the battery will die very fast, so I need a mechanism to detect if nobody is really connected, else I'm stuck in this state forever...

    So I see two possibilities:

    A.

    - Use a read authorization on the characteristic, which should generate the BLE_GATTS_EVT_RW_AUTHORIZE_REQUEST event in the ble_on_ble_evt function for each read attempt. I will clear a timeout timer in this event. If the timeout timer fires, I force a disconnection.

    2 questions here:

    1. How to "reload" the timer dynamically when it is running? I see no API function to do this and I run into a lot of trouble with the stop, change and start timer functions when it is already running. As it counts from 0 to x, should I just clear a register or a variable?

    2. Should I call  in the BLE_GATTS_EVT_RW_AUTHORIZE_REQUEST event? According to this schematic, I have to grant authorization by answering to the SoftDevice that it can give access to the peer.

    B.

    Rely on NRF_BLE_CONN_PARAMS_MAX_SUPERVISION_TIMEOUT_DEVIATION which, if I understood correctly, should expire after a certain time of inactivity, which is not the case in my application: it is set to 65535, so around 11 minutes, but it never generates any BLE event or forces a disconnect. Do I understand its purpose correctly? Is there some code to add to manage it?

    Thanks a lot!
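Option A above, written out as an added example that is not from this thread or the nRF5 SDK: instead of stopping and restarting a running timer, every granted access records a timestamp and a periodic tick compares the elapsed time against it, and only an encrypted (paired) link is granted, so a peer that cancelled the passkey dialog can neither read nor keep the link alive. The event-handler wiring named in the comments, the 30 s timeout and the millisecond counter are assumptions; the logic is plain C so it runs off-target.

```c
#include <stdbool.h>
#include <stdint.h>

#define LINK_IDLE_TIMEOUT_MS 30000u  /* assumption: drop the link after 30 s idle */
#define CONN_HANDLE_INVALID  0xFFFFu /* same sentinel value as BLE_CONN_HANDLE_INVALID */

typedef struct {
    uint16_t conn_handle;        /* CONN_HANDLE_INVALID when no link is up */
    uint32_t last_activity_ms;   /* time of the last *granted* GATT access */
    uint32_t forced_disconnects; /* how often the watchdog tore a link down */
} link_watchdog_t;

void wd_init(link_watchdog_t *wd) { *wd = (link_watchdog_t){ CONN_HANDLE_INVALID, 0, 0 }; }

/* BLE_GAP_EVT_CONNECTED: arm the watchdog as soon as the link exists, so a peer
 * that never completes pairing or never reads anything is dropped as well. */
void wd_on_connected(link_watchdog_t *wd, uint16_t conn_handle, uint32_t now_ms) {
    wd->conn_handle = conn_handle;
    wd->last_activity_ms = now_ms;
}

/* BLE_GAP_EVT_DISCONNECTED, for the cases where the stack does report it. */
void wd_on_disconnected(link_watchdog_t *wd) { wd->conn_handle = CONN_HANDLE_INVALID; }

/* BLE_GATTS_EVT_RW_AUTHORIZE_REQUEST: grant only on an encrypted (paired) link,
 * and let only a granted access "reload" the timeout, so an unpaired peer that
 * cancelled the passkey dialog cannot keep the link alive. The caller turns the
 * result into the sd_ble_gatts_rw_authorize_reply() status (assumed wiring). */
bool wd_on_authorize_request(link_watchdog_t *wd, uint16_t conn_handle,
                             bool link_encrypted, uint32_t now_ms) {
    if (conn_handle != wd->conn_handle || !link_encrypted) {
        return false;
    }
    wd->last_activity_ms = now_ms;  /* "reload" = record the new timestamp */
    return true;
}

/* Periodic tick (e.g. a 1 s app_timer): returns true when the link has been
 * idle for LINK_IDLE_TIMEOUT_MS, i.e. when sd_ble_gap_disconnect() is due.
 * Unsigned subtraction keeps the comparison right across a 32-bit wrap. */
bool wd_tick(link_watchdog_t *wd, uint32_t now_ms) {
    if (wd->conn_handle == CONN_HANDLE_INVALID ||
        (uint32_t)(now_ms - wd->last_activity_ms) < LINK_IDLE_TIMEOUT_MS) {
        return false;
    }
    wd->forced_disconnects++;
    wd->conn_handle = CONN_HANDLE_INVALID;  /* on target: call sd_ble_gap_disconnect() */
    return true;
}
```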
