RNode: Pair BLE Without A Cable? #638
Replies: 2 comments 1 reply
-
All other pairing methods than randomly generated passkey entry and/or confirmation is currently considered insecure, and open to MITM attack from anyone in the vicinity of your devices. Here's some relevant reading: The current BLE implementation in the RNode firmware requires what the Bluetooth specification calls a "secure connection", before it will allow reading or writing any GATT endpoints, and using an insecure pairing method will not provide the required connection class. An alternative implementation could be written, but it will be insecure. Simply having someone read the encrypted Reticulum traffic going to and from your host device is not the only security risk here. Using an insecure connection, it is also much more trivial for someone to disrupt your communication, inject packets or control RNode settings. Personally, I would find such a device completely unacceptable to use.
I agree, but it's simply not possible to do this securely without some sort of out-of-band passkey verification. One thing that might make things easier is to add pairing PIN display to programs such as Sideband or @liamcottle's web flasher (the PIN is sent over the serial connection each time it is updated).
I don't know about any other practical options, unfortunately. You could blink the NeoPixel in a number sequence or something, but I'm guessing users might find that more confusing than just using a companion application ;) Unfortunately, you can't even use a user-defined, or pre-programmed unique pairing code per-device, since the passkey needs to change for every pairing request to not be insecure. Yes, it's stupid - don't ask me why they designed the pairing protocol like this. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the quick and detailed reply Mark, what you explained here makes sense. I will certainly take a look at the links you shared. I agree that a secure solution is a priority, and should not be compromised for convenience.
Good point, these would help. With these options you could manage your RNode with only a mobile device. Thanks again. |
Beta Was this translation helpful? Give feedback.
-
|
i was just working on a set of 5 rak4631's without displays. i had some issues to work out, but i will say having a display is a must. i would definitely love to see the rnode display directly in sideband when connected over usb, or at least have the pairing pin code show in sideband. |
Beta Was this translation helpful? Give feedback.
-
Background
I am in the early stages of designing a RNode radio using the RAK4630 module. One of my design goals is for the device to be as simple as possible, so it currently only has a NeoPixel LED indicator and a single user button.
Primary Question
It would be great to be able to Bluetooth pair to a smartphone without requiring the wired connection. It seems like the only reasonable out-of-band options for sharing the unique pin are 1) via a display connected to the device, or 2) via a wired connection to a computer. Are there any other options that don't compromise security?
Adjacent Question
I may be showing my ignorance here, but I would like to better understand the risks of using something like Just Works BLE pairing or a default pin in the case of an RNode device without a display. Since the RNode device is basically just a serial-to-LoRa interface, and all the encryption and application tasks are happening on a different device, it seems like there wouldn't be much risk associated with the RNode device itself. Thanks in advance for any insight.
Beta Was this translation helpful? Give feedback.
All reactions