Re: [Zephyr-devel] How hacker will hack/impact my BLE device, when ...??
Vikrant More <vikrant8051@...>
toggle quoted messageShow quoted text
Hi Vakul,Thanks for reply !!
No, APP can't differentiate between Genuine & Fake device.
And Yes, user by mistake can connect with his neighbor/attacker Device.
solution - 1) APP will check RSSI signal strength of Device. If it is in the range of 1-2 meters then only APP proceeds further.
2) APP will pop-up with BUTTON to force user to Blink LED on connected device. And ask user "Have you seen Blinking LED ?"
If he/she clicks on "YES", then only APP proceeds further.
A = attacker fake device
B = newly purchased User's device
if user by mistake connect with A, then APP will Blink A instead B. Even after this, if user click on "Yes" on response of "Have you seen Blinking LED ?"
then it is User responsibility.
Risk - In above example, User can connect with A, at same time attacker could connect with B.
And when user click on Button to blink LED, same time attacker may Blink LED on B. Here, user may feel that he is connected to B & will press on "YES"
On Wed, Mar 21, 2018 at 10:38 AM, Vakul Garg <vakul.garg@...> wrote: