I have questions regarding the InjectaBLE vulnerability as stated here: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/
and the recommendation from TI (source: https://www.ti.com/seclit/ca/swra716/swra716.pdf):
(if the link does not work, it is the swra716.pdf from you with the title: PSIRT Notification InjectaBLE: Injecting Malicious Traffic Into Established Bluetooth® Low Energy Connections)
- Use encryption in any profile required under specification.
- For any vendor-specific profile implementation with custom attributes, require encryption by default for both read and write operations on its characteristics.
- Give preference to use LE Secure Connections pairing using authentication and require 128-bit encryption keys, if possible.
1) What exactly does that mean for the standard services we are offering on BLE: Generic Access, Generic Attribute and Device information?
Do we need to set the 'requires encryption'? What about those we do not even have access to?
2) How to deal with OAD - since not being a BLE standard - and our own services is clear
3) What has to be set in the sysconfig or otherwise to make that happen?
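
One way to check an attribute table against the second recommendation quoted above, added here as an example and not taken from the post or from TI's SDK. The permission bits, the `attr_t` struct and the sample table are hypothetical stand-ins, and the check assumes vendor-specific attributes are the ones with 128-bit UUIDs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical permission bits for this example (not a real stack's definitions). */
#define PERM_READ          0x01u  /* readable on any link, encrypted or not */
#define PERM_WRITE         0x02u  /* writable on any link, encrypted or not */
#define PERM_ENCRYPT_READ  0x04u  /* readable only on an encrypted link */
#define PERM_ENCRYPT_WRITE 0x08u  /* writable only on an encrypted link */

typedef struct {
    const char *name;     /* label used in the report */
    uint8_t     uuid_len; /* 2 = SIG-assigned 16-bit UUID, 16 = vendor 128-bit UUID */
    uint8_t     perms;    /* bitmask of PERM_* flags */
} attr_t;

/* Policy: a vendor-specific attribute must not be readable or writable
 * without encryption. SIG-defined attributes are skipped here because
 * their permissions follow the relevant profile specification. */
static int violates_policy(const attr_t *a)
{
    if (a->uuid_len != 16)
        return 0;
    return (a->perms & (PERM_READ | PERM_WRITE)) != 0;
}

/* Returns the number of attributes that violate the policy. */
size_t audit_table(const attr_t *t, size_t n, int verbose)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) {
        if (!violates_policy(&t[i]))
            continue;
        bad++;
        if (verbose)
            printf("unencrypted access allowed: %s (perms 0x%02x)\n",
                   t[i].name, (unsigned)t[i].perms);
    }
    return bad;
}

/* Constructed sample table, not a real device's GATT database. */
static const attr_t sample_table[] = {
    { "Device Name (SIG)",         2,  PERM_READ },
    { "Vendor config, open",       16, PERM_READ | PERM_WRITE },
    { "Vendor config, hardened",   16, PERM_ENCRYPT_READ | PERM_ENCRYPT_WRITE },
    { "Vendor status, half-fixed", 16, PERM_ENCRYPT_READ | PERM_WRITE },
};

size_t audit_sample(void)
{
    return audit_table(sample_table, sizeof sample_table / sizeof sample_table[0], 0);
}

int main(void) { return audit_sample() == 2 ? 0 : 1; }
```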