I'm working on an iOS application (for iOS 13+), that should use the most secure BLE pairing method, Out of Band pairing (OOB) (which usually uses an NFC tag for BLE address/temporary key (TK) storage).
Unfortunately, either my Google skills suck, or there is literally no useful information on Google for OOB pairing in iOS.
From my understanding, Apple is already using some OOB technique to pair with the Apple Watch (through an image rather than NFC, with fallback to passkey).
During my Google research I've found one single link to StackOverflow,
Bluetooth “out of band” (OOB) pairing on iOS?,
which raises the same question, but it's from September 2015, so the answer there is (hopefully) outdated!
Also, having had a look at the CoreBluetooth API, it seems like there is no information in there on OOB pairing.
> Does anyone have more (up-to-date) information on this topic?
Any link/clue/explanation is much appreciated!
(I can't believe really, that this hasn't been implemented in iOS as of today..)
Related
In 2015 Uber was fingerprinting iPhones to reduce fraud in China.
What methods were they using to do this? Was it as simple as recording the serial number in a database? Were they using private methods?
From the NYT article:
"To halt the activity, Uber engineers assigned a persistent identity to iPhones with a small piece of code, a practice called “fingerprinting.” Uber could then identify an iPhone and prevent itself from being fooled even after the device was erased of its contents.
There was one problem: Fingerprinting iPhones broke Apple’s rules. Mr. Cook believed that wiping an iPhone should ensure that no trace of the owner’s identity remained on the device.
So Mr. Kalanick told his engineers to “geofence” Apple’s headquarters in Cupertino, Calif., a way to digitally identify people reviewing Uber’s software in a specific location. Uber would then obfuscate its code for people within that geofenced area, essentially drawing a digital lasso around those it wanted to keep in the dark. Apple employees at its headquarters were unable to see Uber’s fingerprinting."
Found more info and a potential method in this article.
Will Strafach examined a 2014 build of the Uber iOS app and found them using private APIs to use IOKit to pull the device serial number from the device registry.
https://twitter.com/chronic/status/856250223777206273
There might be more, but this alone is a blatant violation of App Store policy. Strafach confirms that the technique Uber was using no longer works in iOS 10.
GitHub project here - https://github.com/erica/uidevice-extension/blob/7adc1d13946fca6fcb4b5f0b6e45911ab4a9a671/UIDevice-IOKitExtensions.m
Even I was too curious to know. I read a tweet that basically hints that they exploited IOKit's registries to do this.
Seems like they got some identifier from IOKit's internals and saved it at their end to identify the device.
https://twitter.com/chronic/status/856250223777206273
I'm hoping to create a BLE advertisement on iOS where I can control the advertisement on a byte level.
One use case would be to mimic an iBeacon advertisement. What is the iBeacon Bluetooth Profile (I want to advertise while my app is in the background which is why I'm not using CoreLocation)
I do not see a way to do this with the Core Bluetooth API. Is this correct? Are there alternatives using private APIs or jailbreaking?
As the others already pointed out, there is no API on iOS that allows you to do this.
You can advertise as an iBeacon, but only when your app is in the foreground. When in background, the advertisement is removed and therefore cannot be discovered anymore (except for other iOS devices which explicitly scan for that service UUID). Also see the documentation here: Core Bluetooth Background Processing
If you would share your use case and what you want to achieve, maybe there are other ways to realise it.
My experience with iOS is that if something is not exposed in the API, there is no way around it, except jailbreaking. For Bluetooth low energy the API is at GAP/GATT level, and very little at the lower levels (if anything) is exposed. Advertising is a LL (link layer) feature.
To illustrate how restricted the access is: When scanning for BLE devices you will not have access to the advertiser's MAC address on iOS. In Android you have it.
> I do not see a way to do this with the Core Bluetooth API. Is this correct?
Since you have to set Manufacturer Specific Data in order to achieve this, if nothing has changed you will experience exactly the same issue that I did. Explained here:
The advertisement key 'Manufacturer Data' is not allowed in CoreBluetooth
It is not possible.
I'm working on a location related project. I found that iOS has iBeacon which can help the app to get the location data. I want to know if iOS Safari does have the access to it? Or any other similar bluetooth device which can be accessed?
Not yet. There is a proposal in W3C for a "web-bluetooth" specification which has been partly implemented in the Chrome, Opera and Chrome for Android browsers, although they need to be activated by the users in a somewhat convoluted manner. Like all these things, it'll take time for the committees to spin their wheels and for the browser makers to decide if they want to support it, and then implement it.
MDN docs: https://developer.mozilla.org/en-US/docs/Web/API/Web_Bluetooth_API
Apple don't have this built in to Safari (yet), however there is a Web Browser app called WebBLE that implements 'Web Bluetooth' mentioned by Shayne.
Currently the app only supports a subset of the standard, but it's more than enough for most tasks. It's also Open Source so you could add it to a WebView in your own app if needed.
Having said all that, currently I don't believe Web Bluetooth supports accessing Advertising data - so while you can connect to Bluetooth LE devices and interact with them, you may not be able to get the actual Advertisements (which is kind of the point of iBeacon).
I need to securely pair a Bluetooth device to an iOS device.
I know that in Bluetooth 4.0 and 4.1 there are three ways to do the pairing: Just Works, Passkey Entry and Out Of Band (OOB).
We need to use the highest security pairing protocol, which we found to be the Out Of Band (OOB) method.
I know that Apple used the OOB method for pairing the Apple Watch to an iPhone, at least they say so in the iOS Security Guide (at the end of page 22).
So I'm wondering, is there any API from Apple that I can use for pairing my device with the OOB method, or maybe you can suggest any other secure method?
Thank you so much for your help, it's highly appreciated!
The only available bonding (pairing) method in Core Bluetooth is passkey entry.
The Apple Watch uses an OOB technique involving an image captured by the phone's camera with a fallback to passkey, but this is not available to other apps.
If your device has a display and can generate a random passkey then this technique is much the same as OOB in terms of security. If your device doesn't have a display then the security depends on how the passkey is shared (e.g. fixed passkey such as 0000 for all devices, not very secure. Random passkey for each device on a sticker is more secure).
I am working on a project where I need a two-way communication channel between iOS and a Ubuntu server for exchanging string messages.
Question
Is there a single Bluetooth profile for accomplishing this? I think Object Push Profile allows for this kind of interaction. But looking at iOS: Supported Bluetooth profiles it seems that iOS does not support this profile.
How else can I accomplish this? Any supporting links to sample code or docs for implementing the services and characteristics on either side are much appreciated.
Literature survey
I found two tutorials - Arduino Tutorial: Integrating Bluetooth LE and iOS with Swift and Using Bluetooth.
The first one provides sample code for creating a BT service for transferring small amounts of data from iOS to Arduino. The second link describes how to implement the Headset Profile (HSP). However, these only address 1-way communication.