Can I pair two devices over Bluetooth without a need to confirm this in user interface, accept to pair this devices. Can I exchange some extra data over, for example NFC, and then safely pair those two devices over Bluetooth without any extra user action?
Can someone connect to my Bluetooth without me knowing? Theoretically, anyone can connect to your Bluetooth and gain unauthorized access to your device if the visibility of your Bluetooth device is on.
Make sure Bluetooth is turned on. Touch and hold Bluetooth . In the list of paired devices, tap a paired but unconnected device. When your phone and the Bluetooth device are connected, the device shows as "Connected."
Go to the Policies tab, you can either create a new policy or edit an already existing one. Navigate to Android–> Restrictions–> Allow Network Settings. Enable the 'Force Bluetooth' option to prevent the users from turning OFF the blue tooth and the 'Force Wi-Fi' option to prevent turning OFF the Wi-Fi.
This need is exactly why createInsecureRfcommSocketToServiceRecord()
was added to BluetoothDevice
starting in Android 2.3.3 (API Level 10) (SDK Docs)...before that there was no SDK support for this. It was designed to allow Android to connect to devices without user interfaces for entering a PIN code (like an embedded device), but it just as usable for setting up a connection between two devices without user PIN entry.
The corollary method listenUsingInsecureRfcommWithServiceRecord()
in BluetoothAdapter
is used to accept these types of connections. It's not a security breach because the methods must be used as a pair. You cannot use this to simply attempt to pair with any old Bluetooth device.
You can also do short range communications over NFC, but that hardware is less prominent on Android devices. Definitely pick one, and don't try to create a solution that uses both.
Hope that Helps!
P.S. There are also ways to do this on many devices prior to 2.3 using reflection, because the code did exist...but I wouldn't necessarily recommend this for mass-distributed production applications. See this StackOverflow.
Well, this should really be broken into 2 parts:
I'm not sure how you do it in Windows land, but in *nix land there are functions buried in the Bluez stack that let you receive notifications about when a new device appears, and send it the pairing code (clearly there have to be these functions: those are what the user interface use). Given sufficient time and experience I'm sure you could figure out how to write your own version of the Bluetooth Settings app that somehow:
All without having to pop up a user interface.
If you go ahead and write the code I'd LOVE to get my hands on it.
Short answer: When I send files between devices with OBEX I am almost never prompted to pair, so it is certainly possible.
1) An application and the device itself can each be set to need/not-need authentication modes, so often there was no requirement for pairing. For instance most OBEX (OPP) servers don't need any authentication at all so there is not need for pairing/bonding.
Presumably "Wireless Designs"'s answer was covering that case.
2) Then if pairing was required by the device/app:
2.1) Prior to v2.1 for pairing then the two devices needed to have matching passphrase/PINs. So this either needed user involvement (to enter the PINs) or knowledge in the softwareto know the PIN: either defined in the app if pin callback send pin="1234"
, or smarts in the OS like BlueZ and Win7 (see Slide 20 at my Bluetooth in Windows 7 doc) which has logic like: if(remotedevice=headset) then expectedPin ="0000"
. Don't know what Android does
2.2) In v2.1 Secure Simple Pairing (SSP) was added. Which changes pairing to:
if (either is pre-v2.1) then Legacy else if (Out-Of-Band channel) then OutOfBand else if (neither have "Man-in-the-Middle Protection Required") then (i.e. both have "Man-in-the-Middle Protection _Not_ Required") Just-Works else Depending on the two devices' "IO Capabilities", either NumericComparison or Passkey. Passkey is used when one device has KeyboardOnly -- and the peer device _isn't_ NoInputNoOutput. endif
From 32feet.NET's BluetoothWin32Authentication user guide, see also the SSP sections in [1]
So to have pairing be unprompted needs either "JustWorks" or "Out-of-Band" eg your NFC suggestion.
Hope that helps...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With