
I need to securely pair a Bluetooth device to an iOS device. I know that in Bluetooth 4.0 and 4.1 there are three ways to do the pairing: Just Works, Passkey Entry and Out Of Band (OOB).

We need to use the highest-security pairing protocol, which was found to be the Out Of Band (OOB) method.

I know that Apple used the OOB method for pairing the Apple Watch to an iPhone, at least they say so in the iOS Security Guide (at the end of page 22).

So I'm wondering: is there any API from Apple that I can use for pairing my device with the OOB method, or maybe you can suggest any other secure method?

Thank you so much for your help, it's highly appreciated!

Philippe

1 Answer


The only available bonding (pairing) method in Core Bluetooth is passkey entry.

The Apple Watch uses an OOB technique involving an image captured by the phone's camera with a fallback to passkey, but this is not available to other apps.

If your device has a display and can generate a random passkey then this technique is much the same as OOB in terms of security. If your device doesn't have a display then the security depends on how the passkey is shared (e.g. a fixed passkey such as 0000 for all devices is not very secure; a random passkey for each device on a sticker is more secure).

Paulw11
  • 1
    A random passkey isn't the same as OOB on BLE 4.1 and earlier - passkey used symmetric encryption so it is [vulnerable to passive eavesdroppers](https://lacklustre.net/projects/crackle/). (It was a deliberate design flaw; nothing was 'cracked'. Also it isn't fair to say that BLE 4.1 encryption is worthless - the attacker has to be present during pairing to break it.) – Timmmm May 27 '16 at 09:49