BLE HID keyboard security question

pataga
Posts: 73
Joined: Sat Aug 12, 2017 5:53 am

BLE HID keyboard security question

Postby pataga » Wed Jun 30, 2021 3:57 am

I'm implementing a BLE HID keyboard using the ESP32-BLE-Keyboard library. I have a question about security.

Suppose I pair and bond with the desired remote host (phone or PC) using a PIN. Now if the remote host has Bluetooth turned off and I switch on the BLE keyboard, is it possible for a third party to turn on BLE scanning and pair/bond with the keyboard (assuming they know the PIN) ?

If so, is there any way I can at the time of pairing/bonding, get any permanent / semi-permanent remote host identifier that I can store in ESP32 non-volatile storage? So that I am aware it has changed.

So my issue is I need to generate a whitelist of remote hosts that the keyboard is allowed to send keystrokes to. Is this possible ?

pataga
Posts: 73
Joined: Sat Aug 12, 2017 5:53 am

Re: BLE HID keyboard security question

Postby pataga » Fri Jul 02, 2021 4:38 am

I found this snippet of authentication code on Neil Kolbans esp-32 snippets repository

Code: Select all

	void onAuthenticationComplete(esp_ble_auth_cmpl_t auth_cmpl){
		if(auth_cmpl.success){
			ESP_LOGI(LOG_TAG, "remote BD_ADDR:");
			esp_log_buffer_hex(LOG_TAG, auth_cmpl.bd_addr, sizeof(auth_cmpl.bd_addr));
			ESP_LOGI(LOG_TAG, "address type = %d", auth_cmpl.addr_type);
		}
and the 6-byte bd_addr field seems to be a useful identifier for the remote host. I un-paired my keyboard device, power cycled my phone and the phone bd_addr value did not change. And the addr value was different for 4 hosts I paired the keyboard with.

Does anyone know the longevity of this address ? Is it randomly re-cycled ?

Who is online

Users browsing this forum: Baidu [Spider], Google [Bot] and 137 guests