Basically its a mess. As far as I can tell, the actual encryption (AES-128
CCM) is fine, but the key exchange (pairing) methods are all broken in
various ways. Just Works is vulnerable to MitM by design (a reasonable
trade-off for the improved usability in some cases). Numeric Comparison is
actually secure, but it requires Bluetooth 4.2, a screen and "yes/no"
buttons on both devices which is very often not possible. Passkey Entry
(i.e. a PIN) is totallly broken. OOB is secure but you can't use it anyway
because of lack of support on Android and iOS.

Also note that the 'LE Secure Connections' feature is optional even in
Bluetooth 4.2. So even if you have a phone or peripheral that supports
Bluetooth 4.2, it might still use the legacy methods.

On 30 November 2016 at 17:06, Mike Ryan <> wrote:

> This is the first I've heard of LE Secure Connections having any
> weakness. Can you elaborate and/or provide a citation?
> On Wed, Nov 30, 2016 at 12:23:06PM +0000, Tim Hutt wrote:
> > Just in case you weren't aware, OOB is not available on iOS or Android
> > (except via NFC). Also all BLE pairing methods except OOB and Numeric
> > Comparison (which requires a screen) are apparently broken in various
> ways,
> > even with LE Secure Connections.

Reply via email to