I'm designing a Bluetooth Low Energy accessory without a built-in display.
According to the Bluetooth Core Specification (CSv5.0 | Vol. 3, Part H, Table 2.8), that limits pairing to Just Works pairing - which is unauthenticated and has no man-in-the-middle protection even with LE Secure Connections. However, Section 2.3.5.4 (CSv5.0 | Vol. 3, Part H) states that an out-of-band pairing mechanism may be used to send the TK (temporary key) if both devices support it. That would provide authentication (i.e. MITM protection) beyond Just Works pairing.
There are a number of white papers about implementing out-of-band pairing through the NFC radio (e.g. one from 2014 from the NFC Forum). So this is not a new concept.
Searching through the forums, I have been unable to find a definitive answer as to whether or not iOS supports OOB pairing through NFC:
This same question was asked five years ago and unanswered.
As of two years ago (which may be old news) the best answer was, AFAIK, no.
1 month ago, the answer was it cannot be done without the pairing dialog. But this answer neglected to say whether or not it could be done with the pairing dialog.
I have a prototype BLE accessory that implements OOB pairing. This works with a 4-year-old HTC running Android 9 at the OS level - no app required. I tested the same accessory with an iPhone 12 running iOS v14.4.2 and was unable to connect or prompt the pairing dialog. Using a BLE sniffer, I was able to see that the iPhone 12's Pairing Request Packet (Bluetooth Core Specification v5.0 | Vol 3, Part H, Section 3.5.1) set the OOB data flag to '0'.
So my strong suspicion is it currently cannot be done.
My questions are:
Does iOS support out-of-band pairing through the NFC radio?
If no, are there any plans in the roadmap to support OOB through NFC?
Why is Apple at least four years behind Android in implementing this feature?
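For reading a sniffer capture like the one described above, this added example (not part of the original post) decodes the SMP Pairing Request/Response fields and applies the specification's rule for whether OOB is selected. It goes slightly beyond the legacy TK case in the post by also covering LE Secure Connections, where one side's OOB flag is enough. The sample bytes and function names are constructed for illustration.

```python
# Added example: decode SMP Pairing Request/Response PDUs and choose the
# association model. Sample bytes below are constructed, not captured.
IO_CAPS = {0: "DisplayOnly", 1: "DisplayYesNo", 2: "KeyboardOnly",
           3: "NoInputNoOutput", 4: "KeyboardDisplay"}
OPCODES = {0x01: "Pairing Request", 0x02: "Pairing Response"}

def parse_pairing_pdu(pdu: bytes) -> dict:
    """Decode the 7-byte PDU (Vol. 3, Part H, Sections 3.5.1 and 3.5.2)."""
    if len(pdu) != 7 or pdu[0] not in OPCODES:
        raise ValueError("not an SMP Pairing Request/Response PDU")
    code, io, oob, auth, key_size, init_keys, resp_keys = pdu
    if io not in IO_CAPS or oob > 1:
        raise ValueError("reserved IO capability or OOB data flag value")
    return {
        "pdu": OPCODES[code],
        "io": IO_CAPS[io],
        "oob": oob == 1,            # OOB data from the peer is available
        "bonding": (auth & 0x03) == 0x01,
        "mitm": bool(auth & 0x04),  # AuthReq bit 2
        "sc": bool(auth & 0x08),    # AuthReq bit 3: LE Secure Connections
        "max_key_size": key_size,
        "initiator_keys": init_keys,
        "responder_keys": resp_keys,
    }

def association_model(req: dict, rsp: dict) -> str:
    """Apply the selection order: OOB flags, then MITM flags, then IO caps."""
    if req["sc"] and rsp["sc"]:
        # LE Secure Connections: OOB is used if either side has peer OOB data.
        if req["oob"] or rsp["oob"]:
            return "OOB"
    elif req["oob"] and rsp["oob"]:
        # LE legacy pairing (the TK case): both sides must set the flag.
        return "OOB"
    if not (req["mitm"] or rsp["mitm"]):
        return "Just Works"
    if "NoInputNoOutput" in (req["io"], rsp["io"]):
        return "Just Works"         # no display or keyboard to authenticate with
    return "IO-capability dependent (see Table 2.8)"

if __name__ == "__main__":
    # Constructed PDUs: initiator with OOB flag 0, display-less responder.
    request = bytes([0x01, 0x04, 0x00, 0x05, 0x10, 0x07, 0x07])
    response = bytes([0x02, 0x03, 0x01, 0x05, 0x10, 0x07, 0x07])
    req, rsp = parse_pairing_pdu(request), parse_pairing_pdu(response)
    print(req)
    print(rsp)
    print("Association model:", association_model(req, rsp))
```
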