BLE Security to device with no input or output capabilities

App & System Services Networking
swe-markus OP
Created Jan ’23
Replies 1
Boosts 0
Views 788
Participants 1

I'm wondering if there is a way to setup a secure connection between a iOS device and a peripheral that has no input or output?

According to the BLE spec the only way to setup a secure connection (with MITM protection) to a device with no input output capabilities, is to use OOB pairing. However the OOB doesn't seem to be possible to use through CoreBluetooth (https://developer.apple.com/forums/thread/679652).

And using a static passkey is not secure either.

So then the only other option seems to be "just works" which have no MITM protection.

Is there any other way?

I see some medical peripherals these days using BLE, are really all of these devices just open for MITM attacks?

Replies  1
Boosts  0
Views  788
Participants  1
swe-markus OP
Feb ’23

For example I have seen suggestions to use certificate based authorization and pairing (using OOB). But as I already stated there seems to be no possibility to handle OOB through CB. Or am I wroing?

0
BLE Security to device with no input or output capabilities
First post date Last post date
 
 
Q