BLE indication message is visible even for unpaired devices? - bluetooth-lowenergy

The issue is that I'm developing an application (an ESP32-based device with the NimBLE stack) that sends indication messages to paired phones ... but I've noticed that indicate messages are also available to unpaired devices!!
In my case I consider it a security violation.
Is there a way to send indicate messages only to paired devices, or will they be sent to every device that is connected over the GATT protocol?
And if yes, will it be encrypted so that nobody can eavesdrop on the message?
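One way to enforce "indications only over paired links" at the application layer, as an added example that is not code from the question or from the NimBLE project. In NimBLE the CCCD subscription is tracked per connection, so before each indication the firmware can look up the connection's security state and refuse, or first start pairing, when the link is still plaintext. The NimBLE names in the comments (ble_gap_conn_find(), struct ble_gap_conn_desc.sec_state, ble_gatts_indicate(), ble_gap_security_initiate(), BLE_GAP_EVENT_ENC_CHANGE) are assumptions about its public API; a small in-memory stand-in replaces them here so the file runs on a desktop without the ESP-IDF.

```c
/*
 * Added example, not code from the question or from the NimBLE project:
 * an application-level gate that sends a GATT indication only over links
 * that are already encrypted (i.e. paired) and starts pairing for links
 * that are not, instead of handing the value to any central that wrote
 * the CCCD. NimBLE calls named in comments are assumptions about its API;
 * the stand-in below stands in for them so the file runs on a desktop.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CONNS 4

/* Subset of struct ble_gap_sec_state as reported by ble_gap_conn_find(). */
struct sec_state {
    bool encrypted;     /* link-layer encryption is active                 */
    bool authenticated; /* pairing used MITM protection (passkey/OOB)      */
    bool bonded;        /* LTK stored, peer can re-encrypt without pairing */
};

/* One connection as the application tracks it (constructed data). */
struct conn {
    uint16_t handle;
    bool in_use;
    bool subscribed;      /* peer wrote 0x0002 (indications) to the CCCD */
    struct sec_state sec;
};

/* Minimum link security the indication may be sent over. */
enum policy { POLICY_NONE, POLICY_ENCRYPTED, POLICY_AUTHENTICATED };

/* Per-connection outcome, returned so callers (and tests) can inspect it. */
enum verdict { NOT_SUBSCRIBED, SENT, DEFERRED_PAIRING, DENIED };

/* ---- stand-in for the stack; in firmware these are the NimBLE calls ---- */
static struct conn g_conns[MAX_CONNS];
static int g_indications_sent, g_pairings_started;

static struct conn *conn_find(uint16_t handle)          /* ble_gap_conn_find() */
{
    for (int i = 0; i < MAX_CONNS; i++)
        if (g_conns[i].in_use && g_conns[i].handle == handle)
            return &g_conns[i];
    return NULL;
}
static void gatts_indicate(uint16_t h)   { (void)h; g_indications_sent++; } /* ble_gatts_indicate(h, val_handle) */
static void security_initiate(uint16_t h) { (void)h; g_pairings_started++; } /* ble_gap_security_initiate(h) */

int indications_sent(void) { return g_indications_sent; }
int pairings_started(void) { return g_pairings_started; }

static bool link_meets(const struct sec_state *s, enum policy p)
{
    switch (p) {
    case POLICY_NONE:          return true;
    case POLICY_ENCRYPTED:     return s->encrypted;
    case POLICY_AUTHENTICATED: return s->encrypted && s->authenticated;
    }
    return false;
}

/* Decide for one connection; runs before any ble_gatts_indicate() call. */
enum verdict indicate_one(uint16_t handle, enum policy p)
{
    struct conn *c = conn_find(handle);
    if (c == NULL || !c->subscribed)
        return NOT_SUBSCRIBED;
    if (link_meets(&c->sec, p)) {
        gatts_indicate(handle);   /* the ATT PDU now rides an encrypted link */
        return SENT;
    }
    if (!c->sec.encrypted) {
        /* Plaintext link: ask the peer to pair and send the value later,
           from the BLE_GAP_EVENT_ENC_CHANGE handler, once encryption is on. */
        security_initiate(handle);
        return DEFERRED_PAIRING;
    }
    return DENIED; /* encrypted via Just Works only, but policy wants MITM */
}

/* Fan out to every subscribed connection; returns how many got the value. */
int indicate_subscribers(enum policy p)
{
    int sent = 0;
    for (int i = 0; i < MAX_CONNS; i++)
        if (g_conns[i].in_use && indicate_one(g_conns[i].handle, p) == SENT)
            sent++;
    return sent;
}

/* Constructed connection table: three centrals in different states. */
void setup_demo_conns(void)
{
    g_indications_sent = g_pairings_started = 0;
    g_conns[0] = (struct conn){ .handle = 1, .in_use = true, .subscribed = true,
                                .sec = { false, false, false } }; /* never paired   */
    g_conns[1] = (struct conn){ .handle = 2, .in_use = true, .subscribed = true,
                                .sec = { true, false, false } };  /* Just Works     */
    g_conns[2] = (struct conn){ .handle = 3, .in_use = true, .subscribed = true,
                                .sec = { true, true, true } };    /* passkey, bonded */
    g_conns[3] = (struct conn){ .in_use = false };
}

int main(void)
{
    setup_demo_conns();
    int sent = indicate_subscribers(POLICY_ENCRYPTED);
    printf("encrypted policy:     sent=%d pairing started=%d\n", sent, pairings_started());
    setup_demo_conns();
    sent = indicate_subscribers(POLICY_AUTHENTICATED);
    printf("authenticated policy: sent=%d pairing started=%d\n", sent, pairings_started());
    return 0;
}
```

On the eavesdropping half of the question: once a link is encrypted, every ATT PDU on it, indications included, is encrypted by the link layer, so the protection comes from never sending over a plaintext link rather than from anything in the indication itself. Whether the CCCD write itself is allowed before pairing depends on the attribute permissions the stack applies to that descriptor, so a check like the one above is the defensive choice regardless of how the characteristic is declared.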

Related

Can someone describe APNs logic for me w/ re-establishing connection + knowing when to send?

Can someone describe the APNs architecture to me in regards to:
How does the handshake work when authenticating from server to client, for a push-notification?
How does the APNs know when to send a push-notification to a phone after it's been turned off (push notification would have been originally sent to the phone at that time). Does the phone know to ping the APNs when it first boots up?
Telecoms is complicated and has evolved over time. An APN is not exactly an internet domain. It is used to establish a PDP context, which sets up a tunnel to the home provider to allow packets to be exchanged; this may be an internet connection. The APN is a name indicating which network your device is part of; the HLR/HSS of the operator will know whether your SIM is provisioned for that APN. The SIM does the mutual authentication between terminal and network; the SIM has a chip identical to the one in your payment card. It contains a secret and logic to verify that it knows that secret.
The network can wake up a non-transmitting device; this can be a data SMS, but there is also a signal to send a push to the terminal. The HLR/HSS has a message-waiting flag indicator, so a switched-off device will receive an SMS, just one that is processed invisibly and would actually pling on your phone.
As I said, telecoms is complicated so my explanation is more storytelling than reading 3gpp specs.

BLE Pairing with Android things acting as Peripheral

I'm using Android Things 1.0.4 in a prototype where it acts as BLE peripheral device: advertising services and running a GATT server.
I encounter an issue in the BLE pairing process when trying to bond the Android Things board (Raspberry Pi 3) and a smartphone.
Since the device has no display, I set using BluetoothConfigManager:
IoCapability = BluetoothConfigManager.IO_CAPABILITY_NONE
which results in the error AUTH_FAILED every time.
Instead,
IoCapability = BluetoothConfigManager.IO_CAPABILITY_OUT
logs the pairing key and prompts the smartphone to enter it during pairing, but it results in the REMOVED error.
Questions:
Is Android Things in peripheral role capable of handling BLE pairing or not yet?
Are there more things that need to be implemented in the app's code to replicate the full-fledged Android logic?
Here's the source code of the Android Things app to test BLE pairing and bonding
The same code stripped from Android Things specific elements completes BLE pairing and bonding successfully when running on an Android phone as Peripheral (server), and an Android device or iPhone as Central (client).
Generally speaking, if you attempt to read an encrypted GATT characteristic before pairing (which triggers the pairing logic automatically), this results in GATT error 137 returned from the read request (AUTH_FAIL). This is because the device doesn't have enough time to finish setting up the bond before a response is sent by the Bluetooth stack. Retrying the read request generally succeeds.
I have not tested this with an iOS client device, but it certainly holds true with an Android client connecting to an Android (Things) peripheral. As such, I would recommend a few things:
Have the client (mobile) device explicitly initiate pairing, and Android Things should simply react to these incoming requests in the BluetoothPairingCallback. This lets the mobile device decide the pairing type based on the reported capabilities of the IoT device.
Separate the pairing flow from the GATT flow. Pair to the discovered device separately from making any attempts to read the characteristics. This tends to be the best way to avoid timing problems.
Regarding capability choices, this depends on your device. In my experience, if you choose IO_CAPABILITY_NONE this results in PAIRING_VARIANT_CONSENT inside of onPairingInitiated(), and the pairing operation succeeds once finishPairing() is called. If you adjust your capabilities, you should be prepared for any number of the variants requiring you to display a PIN for the mobile device to enter. I have not personally tested these paths.

Implement notification in BLE

How do I implement notification in BLE?
I have a smartphone, and every hour it will send notification to all nearby BLE devices (smartwatch, RFduino, etc) for time synchronization purpose.
Other devices are server now (since it provides data), and smartphone is the client that collect the data.
Could I piggyback on the advertisement packets? For example, the smartphone always broadcasts an advertisement packet to announce its presence (that's how other devices can find it). Can I modify that packet to be a time sync?
In order to send notifications or advertisements, your smartphone has to act as a server, which also means that in order to be able to receive notifications or scan for advertisements, your peripheral devices must act as clients.
This can be a bit tricky, because if two devices act as client and server, they may not simultaneously fulfil the other role. You need to switch roles whenever needed, which is an open field for all kinds of problems.
Also, I am not convinced that it is really the optimal choice to let the smartphone regularly notify all devices in the vicinity. Each of the devices that wants to receive the notification has to be connected with the device in order to receive the notification, and this connection has to be already active when the notification is sent in order to really get the correct time. So all these devices need to connect in advance to the expected notification time, and hold up the connection until the notification has come.
It might be better to just advertise the current time, but remember that you can't connect to the smartphone as a server while it is advertising, because the link layer may not be in scanning and advertising mode at the same time, and you may also not be connected when advertising for a similar reason.
If you want to do it that way, you can include the time information in the advertising data. See the Supplement to the Bluetooth Core Specification v6, Part A for further information on the structure of the advertising data. You could put it in the manufacturer specific data.
However, another option would be to write the time directly to the device using a write request. You can define your own service and characteristics. You can include a "time synch necessary" information in the advertisement data of the servers, and when the smartphone evaluates the advertisement, it can connect to the corresponding device and send the time directly.
The advantage of this procedure is that time is only updated if you really need it on the device, and that you do not have to switch client/server roles, because the device in server role may advertise as normal, and the smartphone can always stay in client role.
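The advertising-data layout the answer above points to, as an added example that is not code from the answer or from any project named on the page. Per the Core Specification Supplement, Part A, legacy advertising data is a sequence of AD structures, each a length byte (counting the type byte plus the data), an AD type byte, and the data; type 0x01 is Flags and type 0xFF is Manufacturer Specific Data, whose first two bytes are the company identifier in little-endian order. The sender below packs a Unix time into such a structure and the receiver parses it back with the bounds checks a scanner needs before trusting a length byte that arrived over the air. The company id 0xFFFF and the 'T' sub-type byte are assumptions for illustration, not values from the page.

```c
/*
 * Added example, not code from the answer above or from any project the
 * page mentions: build a legacy (31-byte) advertising payload carrying the
 * current Unix time in a Manufacturer Specific Data AD structure, and
 * parse it back on the receiving side with the length checks a scanner
 * needs before trusting any byte of an over-the-air packet.
 *
 * AD structure layout per the Core Specification Supplement, Part A:
 *   [len][type][data...]  where len counts the type byte plus the data.
 * Assumptions for illustration: company id 0xFFFF (a test/unassigned
 * value, not a real vendor's id) and the 'T' sub-type byte.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADV_MAX_LEN         31
#define AD_TYPE_FLAGS       0x01
#define AD_TYPE_MFR_DATA    0xFF
#define AD_FLAGS_LE_GENERAL 0x02   /* LE General Discoverable Mode */
#define AD_FLAGS_NO_BREDR   0x04   /* BR/EDR Not Supported         */
#define COMPANY_ID_DEMO     0xFFFF /* assumption, see above        */
#define TIME_SUBTYPE        'T'    /* assumption, see above        */
#define TIME_PAYLOAD_LEN    7      /* company(2) + subtype(1) + time(4) */

/* Append one AD structure to buf; returns the new length or -1 if it does not fit. */
static int ad_append(uint8_t *buf, int len, uint8_t type, const uint8_t *data, int dlen)
{
    if (len < 0 || dlen < 0 || dlen > 254 || len + 2 + dlen > ADV_MAX_LEN)
        return -1;
    buf[len]     = (uint8_t)(dlen + 1);   /* length covers type + data */
    buf[len + 1] = type;
    memcpy(buf + len + 2, data, (size_t)dlen);
    return len + 2 + dlen;
}

/* Sender: Flags + Manufacturer Specific Data {company LE, 'T', unix_time LE}. */
int build_time_adv(uint8_t *buf, uint16_t company, uint32_t unix_time)
{
    uint8_t flags = AD_FLAGS_LE_GENERAL | AD_FLAGS_NO_BREDR;
    uint8_t m[TIME_PAYLOAD_LEN] = {
        (uint8_t)(company & 0xFF), (uint8_t)(company >> 8), TIME_SUBTYPE,
        (uint8_t)(unix_time), (uint8_t)(unix_time >> 8),
        (uint8_t)(unix_time >> 16), (uint8_t)(unix_time >> 24),
    };
    int len = ad_append(buf, 0, AD_TYPE_FLAGS, &flags, 1);
    if (len < 0)
        return -1;
    return ad_append(buf, len, AD_TYPE_MFR_DATA, m, sizeof m);
}

/* Receiver: walk the AD structures. Returns 0 and sets *out when a time
 * record from `company` is found, -1 if none is present, -2 if a length
 * byte points past the end of the received data (malformed: never read it). */
int parse_time_adv(const uint8_t *buf, int len, uint16_t company, uint32_t *out)
{
    int i = 0;
    while (i < len) {
        int l = buf[i];
        if (l == 0)                 /* zero length = padding, end of data */
            break;
        if (i + 1 + l > len)        /* structure overruns the packet */
            return -2;
        uint8_t type = buf[i + 1];
        const uint8_t *d = buf + i + 2;
        int dlen = l - 1;
        if (type == AD_TYPE_MFR_DATA && dlen == TIME_PAYLOAD_LEN &&
            (uint16_t)(d[0] | (d[1] << 8)) == company && d[2] == TIME_SUBTYPE) {
            *out = (uint32_t)d[3] | ((uint32_t)d[4] << 8) |
                   ((uint32_t)d[5] << 16) | ((uint32_t)d[6] << 24);
            return 0;
        }
        i += 1 + l;
    }
    return -1;
}

int main(void)
{
    uint8_t adv[ADV_MAX_LEN];
    uint32_t t = 0;
    int len = build_time_adv(adv, COMPANY_ID_DEMO, 1700000000u); /* constructed time */
    printf("adv (%d bytes):", len);
    for (int i = 0; i < len; i++)
        printf(" %02X", adv[i]);
    printf("\nparsed time: %s %u\n",
           parse_time_adv(adv, len, COMPANY_ID_DEMO, &t) == 0 ? "ok" : "none", (unsigned)t);
    adv[3] = 0x1F;   /* corrupt the length byte: parser must refuse, not overread */
    printf("corrupted: %d\n", parse_time_adv(adv, len, COMPANY_ID_DEMO, &t));
    return 0;
}
```

A caveat that applies to either approach in the answer: an advertisement is unauthenticated broadcast, so any nearby radio can emit the same structure with a different time. A receiver that sets its clock from it should at least bound the accepted step, and a deployment that cares about the time being correct is better served by the answer's other option, a write over a connection that has been paired and encrypted.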

Transmit or Simulate SMS-CB (Short Messaging Service-Cell Broadcast)

Can a cell phone transmit SMS-CB (Short Messaging Service-Cell Broadcast) ?
If not, Can I get a device that can transmit SMS-CB messages ?
Else, Is there a good simulator that can simulate SMS-CB transmission and receiving mobile phones ?
Thank You
NOTE: Cell Broadcast (SMS-CB) is designed for simultaneous delivery of messages to multiple users in a specified area. For example, information such as Location, Tower name, Ads or Emergency messages can be transmitted.
Technically, SMS-CB messages originate at a device called the "Cell Broadcast Centre (CBC)", which is part of the network operator's equipment. It sends the SMS-CB through the Base Station Controller (BSC). This cannot be done over the air; it is something which happens inside the mobile operator's network. It would probably be too much to explain all GSM/3G/UMTS network components here; you might want to read up on mobile network architecture.
So the simple answer is no, a handset (mobile phone) cannot directly send SMS-CB messages.
Now the question is, how to tell the CBC to send an SMS-CB to some network cells. There exist some standardized interfaces for that, which are used for emergency alerting, e.g. the Commercial Mobile Alert System (CMAS) in the US. If these interfaces are designed sensibly, they cannot be abused by just about anyone using a mobile handset. But I would not be surprised if there were security gaps in some operator's networks which would allow unauthorized parties to send SMS-CB, e.g. via insecure Internet/SS7 gateways. But that is wild speculation. Normally, it should not be possible to send unauthorized SMS-CB from outside of the operator's network.

SMS encryption over GSM

I have read this somewhere:
Most mobile operators encrypt all mobile communication data, including SMS messages. In GSM, messages are encrypted using A5/1, but even when encrypted, the data held by an SMS is readable by the operator. Mobile phone operators have the ability to filter and modify short messages during delivery. Also, it is possible that the operator might not filter messages on purpose but might use equipment that cannot handle encrypted messages.
I want to know: is it true?
Can someone explain how this filtering is done? And is there any solution to avoid such loss of messages on the network?
A5/1 is used on the radio link between the mobile and the base station controller (BSC, the network entity that manages the radio resources). The radio link transports a couple of higher-level protocols, among them MAP, which is used to transport SMS.
The BSC relays SMS over MAP into the core network. The protocol stack between the BSC and the core network is not encrypted, nor is the communication inside the core network. This was deemed unnecessary at the time GSM was designed; the links were supposed to be the mobile operator's very own property and territory and were therefore assumed to be secure.
The core network typically delivers SMS to an SMSC (short message service center), which is responsible for routing messages to recipients.
A network operator can read SMS in clear text in various places, e.g.
With a protocol analyzer, tapping links between network nodes
On the SMSC, in message queues (databases...) or even log files
On an MSC when tracing MAP messages
Message filtering and modification may happen on the SMSC, depending on the network operator needs.