Don't enforce Authenticated Link key (MITM protection) on PBAP.
Gory Details:

SecureRfcomm API => authentication is true and encryption is true. (HIGH)
InSecureRfcomm API => authentication is false and encryption is true. (MEDIUM)

The authentication above refers to the authentication of the link key, i.e. prevention of MITM attacks.

Bluetooth 2.0 legacy pairing doesn't provide MITM protection.
Bluetooth 2.1 -> If pairing is done with MITM protection already, this doesn't matter. If pairing is NOT done with MITM protection we have the same security as the other core profiles.

It doesn't make sense to enforce MITM for this profile while having Handsfree profile not have MITM, i.e. some attacker can listen in on conversations.

Why are we changing this now:

More headsets with 2.1 and No Input/Output have started to support PBAP. So we pair without MITM with them and then when the PBAP request comes it fails because we need MITM protection and we try to exchange keys (i.e. pair again). The headsets don't allow pairing to happen at any time because it's a security issue and hence the PBAP request fails.

Change-Id: Ia80c15c545e9396e7c6882b731c90a8ede119827