See https://pomcor.com/2015/06/03/has-bluetooth-become-secure/
Basically its a mess. As far as I can tell, the actual encryption (AES-128 CCM) is fine, but the key exchange (pairing) methods are all broken in various ways. Just Works is vulnerable to MitM by design (a reasonable trade-off for the improved usability in some cases). Numeric Comparison is actually secure, but it requires Bluetooth 4.2, a screen and "yes/no" buttons on both devices which is very often not possible. Passkey Entry (i.e. a PIN) is totallly broken. OOB is secure but you can't use it anyway because of lack of support on Android and iOS. Also note that the 'LE Secure Connections' feature is optional even in Bluetooth 4.2. So even if you have a phone or peripheral that supports Bluetooth 4.2, it might still use the legacy methods. On 30 November 2016 at 17:06, Mike Ryan <miker...@lacklustre.net> wrote: > This is the first I've heard of LE Secure Connections having any > weakness. Can you elaborate and/or provide a citation? > > On Wed, Nov 30, 2016 at 12:23:06PM +0000, Tim Hutt wrote: > > Just in case you weren't aware, OOB is not available on iOS or Android > > (except via NFC). Also all BLE pairing methods except OOB and Numeric > > Comparison (which requires a screen) are apparently broken in various > ways, > > even with LE Secure Connections. >
