This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

LE Secure Connections (ECDH) on S130

Is the ECDH encrypted key exchange supported on the new S130? If not, when can we expect it to be available?

I am surprised this is not given a higher priority, since now the only safe solution is to use OOB, which requires additional hardware. The other two solutions, where the key exchange over the air is unencrypted, is essentially useless. See here and video here.

Parents
  • @Dominik, endnode: Current S130 (v1.0.0) doesn't support LE Secure Connection.

    It's in our road map, but I don't know when it will be available.

    For official information on future feature/product, please contact our sales representative.

    I agree that Just work and Passkey is not very safe, but some measures can be done to make them safer, such as only perform bonding inside a protected environment, such as a Faraday Cage (microwave oven for example)

  • It is also possible to reduce TX power dramatically during bonding, which will require the devices to be very close. This severely limits passive eavesdropping, since a single missed packet of the 6-way "handshake" will make it much harder to regenerate the STK used when distributing the long-term keys.

    Sadly, most mobile vendors are still lacking in OOB support, so I'm surprised to see LE-Secure Connections embraced so quickly.

Reply
  • It is also possible to reduce TX power dramatically during bonding, which will require the devices to be very close. This severely limits passive eavesdropping, since a single missed packet of the 6-way "handshake" will make it much harder to regenerate the STK used when distributing the long-term keys.

    Sadly, most mobile vendors are still lacking in OOB support, so I'm surprised to see LE-Secure Connections embraced so quickly.

Children
No Data
Related