There are many 3rd-party apps freely available which can provide the UUID of any BLE beacon. In certain use cases, this could raise major security and reliability concerns. A few questions pertaining to this:

1. At the moment, is the rotational UUID the only way to prevent misuse of the UUID of beacons placed in public places?
2. Beacon suppliers like Estimote provide features like rotational UUID with encryption. Is this method really a foolproof way to make the UUID secure?

Regards,
Viewed 884 times
1 Answer
2
While it is certainly possible for others to imitate and spoof a beacon advertisement, for most use cases the incentives to do so are minimal, and consequences are minor. As a result, the vast majority of app developers choose to simply accept this risk as a cost of doing business. In other cases, you can develop secondary security mechanisms outside the beacon advertising channel.
If you have a use case where you are not willing to accept this risk, you can use a beacon that will rotate its identifier in some unpredictable way, but even this is not foolproof. See my answer here for details.

davidgyoung
- Beacons that have the feature of rotating the identifier do not change the MAC ID of the beacon, I guess. Rotating the identifier means changing ONLY the UUID, is that correct? Apps like 'Locate' can show the UUID and MAC ID of beacons. Since the MAC ID of a beacon remains the same forever, the MAC ID can be used to identify the beacon uniquely. So someone can choose to use the MAC ID to interact with the beacons, bypassing the UUID altogether. So what is the actual benefit of using the rotational UUID feature if the beacons are still susceptible to misuse, as the MAC ID never changes? – user7892337 Dec 17 '18 at 08:38
- While Estimote may not rotate the MAC address with their solution, other similar approaches like Eddystone-EID do rotate the MAC. While rotating the MAC does further obscure the transmission from tracking, not all trackers will look at the MAC (iOS apps, for example, are not allowed to do so by the operating system) -- some just look at the beacon identifier, so the UUID rotation is not without value. – davidgyoung Dec 17 '18 at 13:20
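
The point made in the answer and comments above, that a rotating identifier narrows the spoofing window without closing it, as an added example (not part of the original thread, and not Estimote's or Eddystone-EID's actual algorithm). It assumes a generic HMAC-over-time-slot scheme, a hypothetical 10-minute rotation period, and constructed keys and beacon names.

```python
import hashlib
import hmac
import struct

ROTATION_SECONDS = 600   # assumed rotation period (hypothetical)
ID_BYTES = 16            # same length as an iBeacon proximity UUID

def rotating_id(key: bytes, now: int) -> bytes:
    """Identifier a beacon holding `key` advertises in the slot containing `now`."""
    slot = now // ROTATION_SECONDS
    mac = hmac.new(key, struct.pack(">Q", slot), hashlib.sha256)
    return mac.digest()[:ID_BYTES]

def resolve(observed: bytes, keys: dict, now: int, skew_slots: int = 1):
    """Resolver side: name of the beacon whose key yields `observed` for the
    current slot (+/- skew_slots to tolerate clock drift), or None."""
    for name, key in keys.items():
        for delta in range(-skew_slots, skew_slots + 1):
            candidate = rotating_id(key, now + delta * ROTATION_SECONDS)
            if hmac.compare_digest(candidate, observed):
                return name
    return None

# Constructed sample data: two beacon keys and a fixed observation time.
KEYS = {"lobby": bytes(range(32)), "gate-7": bytes(range(32, 64))}
T0 = 1_545_000_000

def demo() -> dict:
    captured = rotating_id(KEYS["lobby"], T0)   # what a scanner app would display
    return {
        # Genuine advertisement resolves to the right beacon.
        "live": resolve(captured, KEYS, T0),
        # The same bytes re-broadcast 5 minutes later are still accepted:
        # rotation alone cannot tell a copy from the original inside the window.
        "copy_within_window": resolve(captured, KEYS, T0 + 300),
        # A day later the copied value no longer resolves to anything.
        "copy_next_day": resolve(captured, KEYS, T0 + 86_400),
        # Without the key, the next slot's identifier is unrelated to this one.
        "differs_next_slot": captured != rotating_id(KEYS["lobby"], T0 + ROTATION_SECONDS),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

A shorter rotation period and a smaller `skew_slots` shrink the window in which a copied identifier is accepted, at the cost of tighter clock synchronisation between beacon and resolver.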