Help for Android app and security with CC2541

Other Parts Discussed in Thread: CC2541

I am building an Android app (BLE central) to connect to a CC2541 peripheral application.

After making the connection, I do a pairing/bonding. This works fine. The smartphone asks for a password the first time.

On the peripheral side, I use the following settings for the GAP bond manager:

uint8 pairMode = GAPBOND_PAIRING_MODE_WAIT_FOR_REQ; // only pair when the central requests it
uint8 mitm = TRUE;                                   // require MITM protection (passkey entry)
uint8 ioCap = GAPBOND_IO_CAP_DISPLAY_ONLY;           // peripheral displays the passkey
uint8 bonding = TRUE;                                // store keys so later connections reuse the bond

GAPBondMgr_SetParameter( GAPBOND_PAIRING_MODE, sizeof ( uint8 ), &pairMode );
GAPBondMgr_SetParameter( GAPBOND_MITM_PROTECTION, sizeof ( uint8 ), &mitm );
GAPBondMgr_SetParameter( GAPBOND_IO_CAPABILITIES, sizeof ( uint8 ), &ioCap );
GAPBondMgr_SetParameter( GAPBOND_BONDING_ENABLED, sizeof ( uint8 ), &bonding );

My question is: how can I prevent another app, like a BLE scanner, from connecting to the peripheral and reading or writing the characteristics?

With the above settings, this seems to be possible without giving a password.

I have tried to use GATT_PERMIT_AUTHEN_READ on the characteristics, but then my app asks for a password on every connect. This is not what I want.

  • You can prevent connections at the PHY layer using whitelists. That is, you can add any devices you want to connect to to the whitelist. No other devices will be allowed to establish a connection.

    However, it is not possible to do this if the peripheral device is using a private non-resolvable address which iOS devices and most Android devices use. In this case, your best bet is to use an application-level "whitelist." That is, you can check the address of any device that connects to you immediately after the connection is established. If you don't like that device, you can disconnect.
  • Thank you for your answer.

    Is there any way to prevent another application from writing to characteristics without giving a password?

    I have tried to use GATT_PERMIT_AUTHEN_WRITE on the characteristics, but then my application asks for a password for each and every write, which I don't want.

  • You can use GATT_PERMIT_AUTHOR_WRITE to use a custom application-level authorization method.
  • Hi Tim,

    I have tried to use GATT_PERMIT_AUTHOR_WRITE on the characteristics, but then the Android app asks for a PIN on every connect/write, even when I use pairing/bonding in the app (with CreateBond).

    That is something I don't want.

  • Specific Android devices may have their own rules, but generally speaking, based on the BLE Spec and our stack, you should only have to enter a passcode once. That is, on the first connection you should pair and bond. Then, on subsequent connections you only need to bond (which does not require a passcode).

    I don't fully understand exactly what you're doing, so I would need a sniffer capture to comment more.
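The application-level authorization that the GATT_PERMIT_AUTHOR_WRITE reply above points to, as an added example (not code from this thread or from TI's BLE-Stack): each connection starts unauthorized, the phone app unlocks it once per link by writing a shared token, and every AUTHOR-protected attribute answers ATT_ERR_INSUFFICIENT_AUTHOR until then, so no PIN is needed on reconnect while a bare BLE scanner gets refused. The types, the constant values and the unlock token are stand-ins so the file builds on its own; registering app_authorize_attr_cb through gattServiceCBs_t.pfnAuthorizeAttrCB and calling the connect/disconnect helpers from the GAP role events are assumptions about the 1.x API.

```c
/* Stand-ins for BLE-Stack names so the file builds alone (assumption: the real
 * ones are in att.h/gatt.h); 0x08 is ATT "Insufficient Authorization" per spec. */
#include <stdint.h>
#define SUCCESS                     0x00
#define ATT_ERR_INSUFFICIENT_AUTHOR 0x08
#define MAX_CONNS                   3
typedef uint8_t bStatus_t;
typedef struct { uint16_t handle; uint8_t permissions; } gattAttribute_t;
/* Per-link authorization state, keyed by connection handle. */
static struct { uint16_t connHandle; uint8_t inUse; uint8_t authorized; } conns[MAX_CONNS];

/* Constructed shared secret the phone app writes to an "unlock" characteristic.
 * That characteristic carries GATT_PERMIT_AUTHEN_WRITE (bonded link, so no
 * per-connect PIN) and no AUTHOR bit, otherwise it could never be written. */
static const uint8_t UNLOCK_TOKEN[8] = {0xA7,0x19,0x4C,0xE2,0x08,0x5D,0xB3,0x66};
static int slot_for(uint16_t connHandle) {
    for (int i = 0; i < MAX_CONNS; i++)
        if (conns[i].inUse && conns[i].connHandle == connHandle) return i;
    return -1;
}
/* Call these from the GAP role's connected / disconnected events. */
void app_on_connect(uint16_t connHandle) {
    for (int i = 0; i < MAX_CONNS; i++)
        if (!conns[i].inUse) {
            conns[i].inUse = 1; conns[i].connHandle = connHandle; conns[i].authorized = 0;
            return;
        }
}
void app_on_disconnect(uint16_t connHandle) {
    int i = slot_for(connHandle);
    if (i >= 0) conns[i].inUse = 0;   /* authorization never outlives the link */
}

/* Write handler for the unlock characteristic: constant-time token compare. */
bStatus_t app_unlock_write(uint16_t connHandle, const uint8_t *pValue, uint16_t len) {
    int i = slot_for(connHandle);
    uint8_t diff = (uint8_t)(len != sizeof UNLOCK_TOKEN);
    for (uint16_t k = 0; k < sizeof UNLOCK_TOKEN && k < len; k++) diff |= pValue[k] ^ UNLOCK_TOKEN[k];
    if (i < 0 || diff) return ATT_ERR_INSUFFICIENT_AUTHOR;
    conns[i].authorized = 1;
    return SUCCESS;
}
/* Authorization callback the stack consults for every GATT_PERMIT_AUTHOR_* attribute. */
bStatus_t app_authorize_attr_cb(uint16_t connHandle, gattAttribute_t *pAttr, uint8_t opcode) {
    (void)pAttr; (void)opcode;          /* one rule for all guarded attributes */
    int i = slot_for(connHandle);
    return (i >= 0 && conns[i].authorized) ? SUCCESS : ATT_ERR_INSUFFICIENT_AUTHOR;
}
```

Because the unlock state is tied to the connection handle and cleared on disconnect, a second app on the same phone still has to present the token on its own link; the token should be provisioned into your app out of band, not derived from anything readable over the air.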