
Security problem in pairing mode (AT+BLEENC)

Posted: Tue Jul 09, 2019 4:46 pm
by aldecei
Hi, AT+BLEENC seems to work only if a device is connected, which is concerning because the client can write/read during a short period of time without any permission.

For context, here is a git issue tackling the problem but without a solution: https://github.com/espressif/esp32-at/issues/45

Did I misunderstand something?

For the moment, we can't send AT+BLEENC if no device is connected (I get "ERROR").
When I connect my phone to the ESP32, I send AT+BLEENC, AT+BLEENCRSP and AT+BLEKEYREPLY, and a pairing request is shown.
I can ignore that pairing request for 10 seconds, and during this time I can read and write to my ESP.

That is problematic.

Here is my code:

Code:

AT+BLEINIT=2
AT+BLESECPARAM=4,1,16,3,3
waiting for connection...

Code:

AT+BLEENC=0,3
AT+BLEENCRSP=0,1
AT+BLEKEYREPLY=0,123456
Pairing request...

And here I can do what I want without any pairing/permission/passkey.


I tried different parameters for BLESECPARAM and BLEENC.
Did I miss something?

Thank you.

Re: Security problem in pairing mode (AT+BLEENC)

Posted: Thu Jul 11, 2019 7:31 am
by Helen L
Maybe you can set the permission of the BLE characteristic in esp32-at/components/customized_partitions/raw_data/ble_data/, to make it only able to read/write when encrypted.
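
An added example, not part of the original posts or of the esp32-at project: a small audit that reads a GATT attribute table in CSV form and lists the attributes that can still be read or written before the link is encrypted, which is the window described in the first post. The permission bits are the ESP_GATT_PERM_* values from ESP-IDF; the CSV column layout, the helper names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Permission bits as defined in ESP-IDF's esp_gatt_defs.h (ESP_GATT_PERM_*).
PERM_READ, PERM_READ_ENCRYPTED, PERM_READ_ENC_MITM = 0x01, 0x02, 0x04
PERM_WRITE, PERM_WRITE_ENCRYPTED, PERM_WRITE_ENC_MITM = 0x10, 0x20, 0x40

# Service, include and characteristic declarations must stay readable for discovery.
DECLARATION_UUIDS = {0x2800, 0x2801, 0x2802, 0x2803}

# Constructed sample table; the column layout is an assumption, not copied from the page.
SAMPLE_CSV = """index,uuid_len,uuid,perm,val_max_len,val_cur_len,value
0,16,0x2800,0x01,2,2,A002
1,16,0x2803,0x01,1,1,0A
2,16,0xC300,0x11,16,1,30
3,16,0x2803,0x01,1,1,02
4,16,0xC301,0x02,16,1,30
5,16,0x2803,0x01,1,1,08
6,16,0xC302,0x20,16,1,30
7,16,0x2803,0x01,1,1,0A
8,16,0xC303,0x21,16,1,30
"""

def plaintext_access(perm):
    """Return the operations ('read', 'write') allowed without link encryption."""
    # Assumption: a set *_ENCRYPTED / *_ENC_MITM bit enforces encryption for that operation.
    ops = []
    if perm & PERM_READ and not perm & (PERM_READ_ENCRYPTED | PERM_READ_ENC_MITM):
        ops.append("read")
    if perm & PERM_WRITE and not perm & (PERM_WRITE_ENCRYPTED | PERM_WRITE_ENC_MITM):
        ops.append("write")
    return ops

def audit(csv_text):
    """Map attribute index -> plaintext operations, skipping declaration attributes."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if int(row["uuid"], 16) in DECLARATION_UUIDS:
            continue
        ops = plaintext_access(int(row["perm"], 16))
        if ops:
            findings[int(row["index"])] = ops
    return findings

if __name__ == "__main__":
    for index, ops in audit(SAMPLE_CSV).items():
        print(f"attribute {index}: {'/'.join(ops)} allowed before pairing completes")
```

An empty result means every characteristic value in the table needs an encrypted link, so ignoring the pairing prompt no longer leaves it readable or writable.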

Re: Security problem in pairing mode (AT+BLEENC)

Posted: Thu Jul 11, 2019 8:43 am
by aldecei
Thank you, it works! I didn't think that it would need an AT security configuration plus a service.bin perm configuration.

I still have a problem, but a different one: is it possible to set a static pairing key?
For the moment, the pairing key is set automatically with "+BLESECNTFYKEY:0,xxxxxx".

Re: Security problem in pairing mode (AT+BLEENC)

Posted: Thu Jul 11, 2019 10:39 am
by aldecei
I opened the same issue on the git and had a quick response: we can't set a pairing key for the moment. The feature may be added in the future.

https://github.com/espressif/esp32-at/issues/219