iOS Bluetooth BLE security and "Just works" association model - ios

According to this document and this whitepaper, there are security measures designed to prevent passive eavesdropping a Bluetooth BLE connection. Is there a way to implement the secure connection between an iOS central manager and a peripheral device?
Specifically, I'm looking to implement "Just works association model". I want to know if it is possible with an iPhone.

For BLE connections, iOS supports "Just Works" and also "PIN" based pairing.
For Out-of-band (OOB) pairing, there is no public iOS API (albeit a private one that Apple uses itself for Handoff amongst other things, to seamlessly pair two Apple devices without user interaction.)
Note that both "Just Works" and "PIN" pairing is somewhat broken. If an eavesdropper were to listen in on the initial pairing process, it could brute force the exchanged keys easily.
iOS 8.2 added support for BT 4.2, which includes various improvements for BLE pairing and security in general. I haven't looked what parts iOS 8.2 supports though.
To kick off pairing:
an app that is using the peripheral needs to be in the foreground (this can be iOS' Settings)
after connecting,
send the "Slave Security Request" command from peripheral side (see the Bluetooth Specification),
or,
access a "protected" characteristic on a service implemented either by the peripheral or by the app -- this will make iOS automagically initiate the pairing process if the device was not yet bonded. This is what Apple recommends.

EDITED:
According to the table under Step 4 in this link, because your Central (smartphone) has both Keyboard and Display, the only way to perform Just Works pairing is if the sensor has no input and no output capabilities.
So, to do that, you must configure the sensor to send a Pairing Response with the IO Capabilities set to NoInputNoOutput.
That will force the Central (your iOS device) to perform Just Works pairing.

Related

Bluetooth peripheral does not pair

I have written an apple watch app to try to communicate with a bluetooth peripheral which has implemented some custom encryption and pairing process I already managed to implement correctly.
The device seems not to conform to standards and as such does not indicate that it needs encryption through its chatacteristic properties. After going through the pairing I can write values to it and recieve notifications.
The problem is that when I disconnect and connect again I have to go through the pairing process again. Also I have noticed that after pairing via other apps the device does a long beep sound which seems missing when I pair it through my app.
Is there any way to force pairing/binding in CoreBluetooth?

iPhone Bluetooth pairing without confirming passcode

In my BLE app, the user story is like, bluetooth pairing should happen without the passcode confirmation step. As far as i have researched so far, it is possible in Android (like Android Bluetooth Pairing without User Enter Pin and Confirmation Using Android API)
Is it possible in iPhone?
Sadly, on iOS it is not possible to skip the pairing dialog. It is directly sent from the OS. It is a strict convention from apple that apps are not able to skip security processes.
Some additional information:
Dependent on the IOCapabilityResponse from the peripheral device on bluetooth level iOS will show you a dialog asking to pair or to confirm a pass code. If iOS will show you the dialog at all depends if the bondable flag is set in the IOCapabilityResponse from the peripheral.
There are three types of connection in BLE:
connection: pin not required, connection not secure
pair: pin could be requested or not, connection secured with short term key, a popup will be displayed
bond: pin could be requested or not, connection secured with long term
key, a popup will be displayed
All of these method are managed by BLE peripheral firmware, iOS only adapts its connection based on how the peripheral is configured

How to match EAAccessory and CBPeripheral with MFi device?

I have MFi device which uses BLE for control and Classic Bluetooth for audio streaming.
In the App, i use coreBluetooth framework to scan BLE and EAAccessory framework to scan Classic Bluetooth.
I don't want the BLE of target device to be connected if its Classic Bluetooth is not yet connected. So i need to know which EAAccessory is corresponding to target CBPeripheral.
I am familiar with coreBluetooth, there is UUID string to identify the CBPeripheral. But it looks not exist in EAAccessory.
I have an idea but not sure: maybe firmware side can config EAAccessory's serial number and CBPeripheral's manufacture data in advertisement data with the same
serial number, so that App side can check if they are the same.
Dose anyone knows the general way to implement this in App side and firmware side?
I really do not think there is s relationship between the 2. BT and BTLE are managed by different chip at peripheral side and phone side.
Usually in BT you use the MAC address to identify the peripheral on BTLE side the MAC address is not used anymore since iOS at the first connection give its own identifier to the peripheral.
What you can do is probably at firmware side, by exposing a service with a characteristic that somehow relate the 2.
UPDATE AFTER COMMENT
I see, as far as I know there a best practice doesn't exist.The worst part is that you have to handle connections differently, mostly due to how connection are made on iOS side. While on the BLE you can choose a not encrypted connection that would not require paring or bonding, on BT side I guess that bonding is required.
Probably the most simple flow would be, user bond the BT device. Once you are in the app and detect the connected BT device, use a scan method for detect BLE companion device by filtering for a specific service id that your device exposes, once you do that you can also filter discoveries using BLE name without still making a connection.
Adv packet are restricted in size (29 usable byte) but you can also use the scan response (31 byte), that exposes some additional properties such as manufacturer data that will be exposed in a dictionary (kCBAdvDataManufacturerData).
Once you know that is the correct device you can start a connection, that does not require pair or bond but is NOT encrypted (Pair and Bond will require the user to accept the connection inside your app).

Removing PIN in Core Bluetooth Connection

I'm working on an application that connects phones via core bluetooth (BLE). The connection and data transmission work beautifully, but there is one small imperfection. When connecting to a new device, a pin must be entered on one of the devices. The application is supposed to be very instantaneous, and the pin-input greatly interrupts this process. I'm not worried about security, and I've personally connected my phone to many bluetooth devices without entering pins, so I was just wondering how this could be done with the iOS api.
Thanks!
If you specify any of your peripheral's characteristics with an 'encryptionRequired' property (CBCharacteristicPropertyNotifyEncryptionRequired or CBCharacteristicPropertyIndicateEncryptionRequired) or permissions (CBAttributePermissionsReadEncryptionRequired or CBAttributePermissionsWriteEncryptionRequired) then bonding is required between the devices.
If the devices aren't already bonded then this will trigger the pairing dialog and require a pin to be entered. If you don't specify any of the encryption properties or permissions on your peripheral's characteristics then you won't be prompted to pair.

How to send data to an iphone which is turned into a iBeacon?

how is it possible to send data to an iPhone which acts as an iBeacon?
I am looking for an process as the following:
Search nearby iBeacons
Connect to some iBeacon
Exchange data between the devices
Does anybody know how to put the different bluetooth functions together to make
this possible?
thx in advance
Standard iBeacons are transmit-only devices that can be seen by mobile devices, but don't actually "connect" to them or exchange data.
But you can still do what you are asking if you have an app on all devices as well as a web service to do the data transfer. This would allow devices A and B to detect each other when they are nearby and exchange data. Here's how:
Your app on devices A and B alternates between acting as an iBeacon (advertising its presence with an application-specific identifier and a phone-specific identifier) and ranging for iBeacon signals including the application-specific identifier.
During its ranging cycle, your app on device A will detect an iBeacon transmission from device B, which includes both your application identifier and the device identifier of B.
App A then makes a "write" call to the web service with a source of "A" and a destination of "B", along with any data you want to transfer, like "Device A says hello to device B."
The app would also periodically make a "read" call to the web service. In this example, device B would read any information destined for B, and the web service would return a record that device A had send it a message with the data "Device A says hello to device B."
Because the same process is also running on both phones, this communication can happen both ways.
iBeacon is a proximity technology and isn't designed for data interchange. However, since the Bluetooth stack is going to be active on your iPhone acting as the beacon (so it can advertise its proximity UUID), you can use Core Bluetooth to connect to the beacon and exchange data between the devices.
Does it specifically need to use iBeacon technology? The reason I ask is that from reading your description of the process, you could achieve the same thing using iOS 7's Multipeer Connectivity. It's able to abstract out all the technical complexities of connecting 2 iOS devices together regardless of the interface, be it WiFi or Bluetooth. I've managed to build something similar using MCNearbyServiceBrowser, MCNearbyServiceAdvertiser, and MCSession classes.

Resources