Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bluetooth: Inform privacy risk of using signed writes. #15281

Merged
merged 1 commit into from
May 9, 2022
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions connectivity/FEATURE_BLE/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,3 +8,19 @@ This is the Github repository for the `BLE_API`. Please see the [Mbed OS Example
* [Mbed OS example BLE GitHub repo](https://github.com/ARMmbed/mbed-os-example-ble) for all Mbed OS BLE examples.
* [Mbed OS BLE introduction](https://os.mbed.com/docs/latest/apis/ble.html) for an introduction to Mbed BLE.
* [Mbed OS BLE API page](https://os.mbed.com/docs/latest/apis/bluetooth.html) for the Mbed BLE API documentation.

## Privacy notice

The Cordio Bluetooth stack only stores one single signing key. This key is then
shared across all bonded devices. If a malicious device bonds with the Mbed OS
application it then gains knowledge of the shared signing key of the Mbed OS device.
The malicious device can then track the Mbed OS device whenever a signing write
is issued from it.

To overcome this privacy issue do not issue signed writes from the Mbed OS device.
A signed write occurs when the member function `write` of `GattClient` is called
with its `cmd` argument set to `GATT_OP_SIGNED_WRITE_CMD`.

Instead of using signed writes, enable encryption on the connection. This is achieved
by calling the function `setLinkEncryption` of the `SecurityManager`. Set the encryption
to at least `ENCRYPTED`.