From 53ac45e03baab898f610017bae8388c0ff38806b Mon Sep 17 00:00:00 2001 From: Vincent Coubard Date: Fri, 6 May 2022 13:49:20 +0100 Subject: [PATCH] Bluetooth: Inform privacy risk of using signed writes. The Cordio stack uses a single CSRK. It can be used by a malicious device to track the Mbed OS application if signed writes are used. Signed-off-by: Vincent Coubard --- features/FEATURE_BLE/README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/features/FEATURE_BLE/README.md b/features/FEATURE_BLE/README.md index 6030bd3515d..771183401eb 100644 --- a/features/FEATURE_BLE/README.md +++ b/features/FEATURE_BLE/README.md @@ -8,3 +8,19 @@ This is the Github repository for the `BLE_API`. Please see the [Mbed OS Example * [Mbed OS example BLE GitHub repo](https://github.com/ARMmbed/mbed-os-example-ble) for all Mbed OS BLE examples. * [Mbed OS BLE introduction](https://os.mbed.com/docs/latest/apis/ble.html) for an introduction to Mbed BLE. * [Mbed OS BLE API page](https://os.mbed.com/docs/latest/apis/bluetooth.html) for the Mbed BLE API documentation. + +## Privacy notice + +The Cordio Bluetooth stack only stores one single signing key. This key is then +shared across all bonded devices. If a malicious device bonds with the Mbed OS +application it then gains knowledge of the shared signing key of the Mbed OS device. +The malicious device can then track the Mbed OS device whenever a signing write +is issued from it. + +To overcome this privacy issue do not issue signed writes from the Mbed OS device. +A signed write occurs when the member function `write` of `GattClient` is called +with its `cmd` argument set to `GATT_OP_SIGNED_WRITE_CMD`. + +Instead of using signed writes, enable encryption on the connection. This is achieved + by calling the function `setLinkEncryption` of the `SecurityManager`. Set the encryption +to at least `ENCRYPTED`. \ No newline at end of file
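Review bot: In the first paragraph of the new "Privacy notice" section, "whenever a signing write is issued from it" should read "signed write", matching the second paragraph and the `GATT_OP_SIGNED_WRITE_CMD` name; as written, the two terms read like two different operations. The commit message identifies the key as the CSRK, but the README text only says "signing key", so consider "signing key (CSRK)" on first mention to tie the notice to the term used in the commit message. Smaller points: "only stores one single signing key" is redundant ("stores a single signing key" is enough), the added line " by calling the function `setLinkEncryption` of the `SecurityManager`." starts with a stray space, and the file now ends without a trailing newline.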