
Re-bonding issue with Android and S110

Hello,

We are facing the following issue when using Android and trying to rebond with a previously bonded S110 peripheral: Bonding the Android device with the S110 based device the first time is working fine - no problems. Next, the user of the Android device decides to "Unpair" the S110 device in the Android Bluetooth settings menu. Note: on the S110 the bond is not deleted. If the Android user now tries to (re)bond with the S110 device again, it seems that the bond procedure is executed correctly, however a proper connection cannot be established anymore (Android reports a timeout). Looking at the issue with the sniffer it seems like some sort of encryption problem. It very much looks like the problem described in this (unsolved) thread: irk saved but ...

Tested on Android 5 and 6. S110 version is 7.1.0 with SDK 7.2. We are using "Just works" bonding and whitelisting.

The only way to resolve this issue seems to be to delete the bond also in the S110 device. However, in our case this is not very user friendly.

Sniffer screen shot showing the failed connection attempt:

image description

Does anyone know what might be going wrong here?

A sniffer trace (Wireshark) with the rebond followed by a connection trial: sniffer_trace.pcapng

  • I don't know why Android tries to encrypt using the previously exchanged keys, if you have actually deleted them. Did you try to toggle Bluetooth off/on on Android to see if that helps?

    Regardless, an existing previous bond should only be authenticated based on the Long Term Key, so if this is deleted on the peer there is no way for a device to know if this is indeed the bonded device reconnecting or an attacker. This is why you have to delete the bond on both peers. Note that the old SDK has a bond/key refresh feature (which is actually a security issue), that would allow the Android device to create a new bond, overwriting the existing one if it only tried to do so.

  • Thank you. Toggling Bluetooth on and off won't help. In the meantime we tried iOS and it seems that iOS can rebond without problems. I think I understand now why this is a security issue even when using whitelisting and it makes sense to have to delete the bond on both devices. It is a bit of a problem to delete a single specific bond if the device only has a single button and allows to bond with up to 8 smartphones. The only viable option in this case is to delete all bonds at once. But then all other 7 smartphones need to delete their bonds and rebond again, too. That is quite painful for many users.
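
The trade-off discussed in the replies above, as an added example that is not part of the original thread and is not Nordic SDK code: a simplified model of a peripheral's bond table showing what a "bond/key refresh" policy does to an existing Long Term Key. All names (`on_pairing_request`, `can_encrypt`, `allow_refresh`) are hypothetical, and the model identifies peers by address only, leaving out the IRK and whitelist.

```c
/* Added example: simplified model of a peripheral's bond table.
   Not Nordic SDK code; all names here are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MAX_BONDS 8  /* the device in the thread bonds with up to 8 phones */

typedef struct { bool used; uint8_t addr[6]; uint8_t ltk[16]; } bond_t;
typedef enum { PAIR_STORED, PAIR_REPLACED, PAIR_REJECTED, PAIR_FULL } pair_result_t;

static bond_t bonds[MAX_BONDS];

static bond_t *find_bond(const uint8_t addr[6])
{
    for (int i = 0; i < MAX_BONDS; i++)
        if (bonds[i].used && memcmp(bonds[i].addr, addr, 6) == 0)
            return &bonds[i];
    return NULL;
}

/* Pairing request from a peer. allow_refresh models the "bond/key refresh"
   behaviour: a peer that is already bonded may overwrite its stored key. */
pair_result_t on_pairing_request(const uint8_t addr[6], const uint8_t ltk[16],
                                 bool allow_refresh)
{
    bond_t *b = find_bond(addr);
    if (b != NULL) {
        if (!allow_refresh)
            return PAIR_REJECTED;      /* existing bond stays authoritative */
        memcpy(b->ltk, ltk, 16);       /* old LTK is gone, unauthenticated */
        return PAIR_REPLACED;
    }
    for (int i = 0; i < MAX_BONDS; i++) {
        if (!bonds[i].used) {
            bonds[i].used = true;
            memcpy(bonds[i].addr, addr, 6);
            memcpy(bonds[i].ltk, ltk, 16);
            return PAIR_STORED;
        }
    }
    return PAIR_FULL;
}

/* Reconnection: encryption starts only if the peer holds the stored LTK. */
bool can_encrypt(const uint8_t addr[6], const uint8_t peer_ltk[16])
{
    const bond_t *b = find_bond(addr);
    return b != NULL && memcmp(b->ltk, peer_ltk, 16) == 0;
}
```

With `allow_refresh` false the stored key survives a second pairing attempt, so the bond has to be deleted on the peripheral before the phone can bond again; with it true, any "Just works" pairing under that address replaces the key the original phone was authenticated with.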
