Hello,
I'm implementing a BLE peripheral based on BLE-STACK v2.2.2.
This peripheral exposes custom services which include sensitive data so I would like them to only be accessed via encrypted connections that have MITM protection.
The device has a factory-assigned pairing code that is printed on a sticker attached to it and is configured as display only.
It exposes a few "standard" services (e.g. device info service, used as is from the SDK) and my custom profiles. The latter have GATT_PERMIT_AUTHEN_READ and/or GATT_PERMIT_AUTHEN_WRITE for the value characteristic.
Testing is done via the LightBlue app on an iPhone. When selecting the characteristic to read, a pop-up is shown requesting a pairing code. If I close the window without providing a code, reading fails (as expected) and no value is displayed; however, I could still register for notifications and get the value.
To overcome this, I also added GATT_PERMIT_AUTHEN_READ and GATT_PERMIT_AUTHEN_WRITE to the relevant clientCharCfgUUID of said characteristic.
Now when I try to register for notifications, the app behaves as if it fails (the "listen for notifications" button doesn't change to "stop listening to notifications"), but notifications still come through.
The bond manager is configured as follows:
// Setup the GAP Bond Manager
{
  uint32_t passkey = 123456;
  uint8_t pairMode = GAPBOND_PAIRING_MODE_WAIT_FOR_REQ;
  uint8_t mitm = TRUE;
  uint8_t ioCap = GAPBOND_IO_CAP_DISPLAY_ONLY;
  uint8_t bonding = TRUE;

  GAPBondMgr_SetParameter(GAPBOND_DEFAULT_PASSCODE, sizeof(uint32_t), &passkey);
  GAPBondMgr_SetParameter(GAPBOND_PAIRING_MODE, sizeof(uint8_t), &pairMode);
  GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm);
  GAPBondMgr_SetParameter(GAPBOND_IO_CAPABILITIES, sizeof(uint8_t), &ioCap);
  GAPBondMgr_SetParameter(GAPBOND_BONDING_ENABLED, sizeof(uint8_t), &bonding);
}
I thought GATT_PERMIT_AUTHEN_READ/GATT_PERMIT_AUTHEN_WRITE are meant to allow access only with MITM protection, but it doesn't seem to be the case.
What is the correct procedure to allow only MITM-protected connections? Does it make sense for the standard profiles (e.g. device manager) to not be protected while others are, or is there a way to globally allow only MITM-protected connections?
Thanks in advance,
Assaf
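
A simplified model of the three checks the post touches on (value read, CCCD write, notification send), added here as an example and not code from the post or from BLE-STACK. All names, types and permission bits are hypothetical; the model assumes permissions are enforced only on incoming ATT requests, while notifications are server-initiated and need their own link-state check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical permission bits and types for this model (not BLE-STACK's). */
#define PERM_READ         0x01
#define PERM_WRITE        0x02
#define PERM_AUTHEN_READ  0x04
#define PERM_AUTHEN_WRITE 0x08
#define CCCD_NOTIFY       0x0001  /* "notifications enabled" bit of the CCCD */

typedef struct { bool encrypted; bool mitm_authenticated; } link_t;
typedef struct { uint8_t perms; uint16_t value; } attr_t;
typedef struct { attr_t value; attr_t cccd; } characteristic_t;

/* Permission check applied to an incoming ATT read or write request. */
bool att_access_ok(const attr_t *a, const link_t *l, bool is_write)
{
    uint8_t plain  = is_write ? PERM_WRITE : PERM_READ;
    uint8_t authen = is_write ? PERM_AUTHEN_WRITE : PERM_AUTHEN_READ;
    if (a->perms & authen)
        return l->encrypted && l->mitm_authenticated;
    return (a->perms & plain) != 0;
}

/* Client subscribes by writing the CCCD; true if the write is accepted. */
bool cccd_write(characteristic_t *c, const link_t *l, uint16_t cfg)
{
    if (!att_access_ok(&c->cccd, l, true))
        return false;
    c->cccd.value = cfg;
    return true;
}

/* No ATT request is involved when the server notifies: without
 * require_authen, only the stored CCCD bit decides. */
bool should_notify(const characteristic_t *c, const link_t *l, bool require_authen)
{
    if (!(c->cccd.value & CCCD_NOTIFY))
        return false;
    return !require_authen || (l->encrypted && l->mitm_authenticated);
}

int main(void)
{
    link_t unpaired = { false, false };  /* constructed sample link */
    characteristic_t c = { { PERM_AUTHEN_READ, 0 }, { PERM_READ | PERM_WRITE, 0 } };
    printf("read=%d ", att_access_ok(&c.value, &unpaired, false));
    printf("subscribe=%d ", cccd_write(&c, &unpaired, CCCD_NOTIFY));
    printf("notify=%d\n", should_notify(&c, &unpaired, false));
    return 0;
}
```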