• State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 88 subscribers
  • Views 1801 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 276910
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Info about new nRF5 SDK v17.1.0

DimitrisP

Hello

new nRD5 SDK v17.1.0

Can you please help me to find more about:

1.
"- NRFFOSDK-13484: Added an option in the Peer Manager to decide that a connection will not be processed by this module."

and
"2. - NRFFOSDK-13616: Updated handling of bonding events to be more sceptical of failed bonding/encryption attempts, since they can be the sign of an attack."

Dimitris

Parents
  • 0

    Hi 

    Regarding 1 it is not a lot to share unfortunately. Apparently a limited number of customers reported an issue during their application development, and in order to solve the issue we provided this fix. We are not able to share details about the customer application, which means we can't really go into details about the issue either. 

    I am still waiting for more background on 2), but essentially if you get repeated failed pairing attempts it could be a sign that someone is trying to hack your connection by intercepting the pairing packets and trying to install themselves as a man in the middle. For this reason it is safer to disconnect when this situation occurs, rather than to repeatedly try to do pairing again. 

    Whether or not this is related to a specific incident or report I don't know, but I will let you know as soon as I hear back from the security team. 

    Best regards
    Torbjørn

Reply
  • 0

    Hi 

    Regarding 1 it is not a lot to share unfortunately. Apparently a limited number of customers reported an issue during their application development, and in order to solve the issue we provided this fix. We are not able to share details about the customer application, which means we can't really go into details about the issue either. 

    I am still waiting for more background on 2), but essentially if you get repeated failed pairing attempts it could be a sign that someone is trying to hack your connection by intercepting the pairing packets and trying to install themselves as a man in the middle. For this reason it is safer to disconnect when this situation occurs, rather than to repeatedly try to do pairing again. 

    Whether or not this is related to a specific incident or report I don't know, but I will let you know as soon as I hear back from the security team. 

    Best regards
    Torbjørn

Children
  • +1 in reply to ovrebekk

    When I downloaded SDK 17.1, I diffed the entire "components" subfolder against SDK 17.0.2. There aren't that many changes. The changes for issue 1 are easy to see from the diff.

    I was curious about issue 2 as well. There were some changes specifically for LESC, but it was not immediately obvious to me if these were responsible for issue 2.

Related
Terms of service