Bluetooth: Inform privacy risk of using signed writes. #15281

Merged
merged 1 commit into from
May 9, 2022

Conversation


@pan- pan- commented May 6, 2022

Summary of changes

The Cordio stack uses a single CSRK. It can be used by a
malicious device to track the Mbed OS application if signed
writes are used.

This PR documents the issue and explains the workaround an application can
adopt.


Pull request type

[x] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[ ] Feature update (New feature / Functionality change / New API)
[ ] Major update (Breaking change E.g. Return code change / API behaviour change)

Test results

[x] No Tests required for this change (E.g docs only update)
[ ] Covered by existing mbed-os tests (Greentea or Unittest)
[ ] Tests / results supplied as part of this PR

Reviewers


The Cordio stack uses a single CSRK. It can be used by a
malicious device to track the Mbed OS application if signed
writes are used.

Signed-off-by: Vincent Coubard <vincent.coubard@arm.com>
@pan- pan- requested review from andypowers and evedon May 6, 2022 12:51
@ciarmcom ciarmcom added the release-type: patch (Identifies a PR as containing just a patch) label May 6, 2022
@ciarmcom ciarmcom requested a review from a team May 6, 2022 13:00

ciarmcom commented May 6, 2022

@pan-, thank you for your changes.
@ARMmbed/mbed-os-maintainers please review.


@evedon evedon left a comment


Thank you Vincent

@mergify mergify bot added needs: CI and removed needs: review labels May 6, 2022

0xc0170 commented May 6, 2022

CI started
