
MITM attacks

Hello,

We avoid MITM attacks by using a static passkey. Does it mean that the attacker can decrypt the connection if the attacker gets the passkey? Will the data I transfer or receive be captured by the attacker?

  • It depends.

    If you use the passkey to identify the device, the attacker can pretend to be a trusted device while it is not.

    If not, the attacker can only decrypt an encrypted link if he has the passkey and sniffs the pairing process; only then will he get the keys used to actually encrypt the link.

  • sara: Encryption with Passkey and Just Works are both very weak if someone is able to collect all the packets when the keys are exchanged (a poor OOB system would be equally weak). If you use bonding, the keys are usually only exchanged on the first connection. As long as the link is always encrypted and the first exchange is done in a secure place (or perhaps, as Anders suggests, with low power transmissions to limit sniffing) there should be pretty good security for most applications.
