This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

BLE secure - integrity

Hi,

I know that one of the security concerns is Integrity - which means that we want to ensure that data received is free from corruption and tampering by unauthorized device.

How can we prevent that with our security manager? Is MITM protection enough?

Thanks!

0 ovrebekk over 4 years ago

Hi

If you use so called legacy pairing (all pairing modes that don't use LESC) you are always vulnerable to so called passive eavesdropping attacks, where a hacker is sniffing all the data sent during the pairing phase and calculating the AES keys used based on this information.

If you can ensure that you pair and bond in a safe environment this is fine, but if you want to be able to pair the device anywhere this might not be sufficient.

Then it is recommended to use LESC pairing with MITM protection, in order to be protected against both passive eavesdropping and MITM attacks both during pairing and after you are paired.

Best regards
Torbjørn
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel