Hello,
We avoid MITM attacks by using a static passkey. Does it mean that the attacker can decrypt the connection if the attacker gets the passkey? Will the data I transfer or receive be captured by the attacker?
It depends.
If you use the passkey to identify the device, the attacker can pretend to be a trusted device, while it is not.
If not, the attacker can only decrypt an encrypted link if he has the passkey and sniffs the pairing process; only then will he get the keys used to actually encrypt the link.
Can I return to Bill's question (2)? If we put aside the problem of delivering the key to the host and device (by NFC, USB...), is it correct that the current nRF51 SD, Android, iOS and Windows 8/10 support setting up a connection by using the key provided? Update: Interesting information about OOB in Android is here