Bluetooth Low Energy - BLE or BTLE - does have broken security. But that isn't the major problem with it. The problem is that even if the security was good, developers wouldn't use it because of usability issues. I will expand.https://twitter.com/matthew_d_green/status/1093184429156114433 …
-
Show this thread
-
To use any of the built in security, you need to pair and bond to the device. Both Android and iOS make this painful with apps. It ruins the customer journey.
2 replies 1 retweet 12 likesShow this thread -
As a result, apps will often only connect, and they implement the security. This is often badly broken. See the Tapplock: https://www.pentestpartners.com/security-blog/totally-pwning-the-tapplock-smart-lock/ …
1 reply 0 retweets 12 likesShow this thread -
Worse still, the built in security doesn't facilitate sharing keys. If I want my visiting family to be able to connect to my BLE door lock, I can't easily use the security features already provided. So again, developers roll their own.
1 reply 0 retweets 9 likesShow this thread -
We have seen tens of naive, broken authentication protocols. Hashes of MACs, replayable unlock packets, unauthenticated AES...
5 replies 0 retweets 10 likesShow this thread -
Replying to @cybergibbons
MAC as in Media Access Control or Message Authentication Code?
1 reply 0 retweets 1 like -
I'd like to imagine that some dev was told to implement HMAC, and got the type of MAC mixed up 
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.