Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How secure is iBeacon? [closed]

Tags:

security

ios

bluetooth-lowenergy

ibeacon

iBeacon is a promising new technology. But how secure is it? Bluetooth Low Energy (BLE) can be secure when encryption is enabled. However, this is only the case when communication is established. But the iBeacon framework isn't meant to allow communication between devices. It even isn't possible to communicate through the iBeacon framework (CoreBluetooth should then be used). An iBeacon is only capable of advertising (data). But are those advertising packets secured or are these open for public?

I am missing a more detailed (technical) report on iBeacon.

Another thing which isn't very clear: who starts 'talking'? Is it the advertising iBeacon device or the monitoring application/device. Is an advertising iBeacon device always advertising?

like image 956
Safaci Avatar asked Nov 27 '22 13:11

Safaci

2 Answers

Security is entirely up to you.

iBeacons are secure in the sense that they are very simple devices that do nothing but transmit a 3 part identifier (and a transmitter power measurement). They are always advertising unless you go out of your way to stop them.

Anybody can see this identifier, so you had better not expect to keep it secret! Last week for example, I went to the Washington, DC Apple store and used my Android iBeacon Locate app to find out the three part identifier of the iBeacon near the entrance to Apple's store.

With this info, I then configured my own iBeacon to transmit the very same tree part identifier, theoretically enabling me to push offers to apps configured to respond to Apple's iBeacon.

Is this a security problem? Only if you design a system that incorrectly assumes the an iBeacon identifier is secret.

Interestingly, Apple's iOS APIs forbid scanning for completely unknown iBeacon identifiers (you must at least know the first of the three part identifier), suggesting they want to maintain this secrecy. Given that Android and OSX offer no such prohibition, it is best not to expect your iBeacon identifier remain secret.

like image 76
davidgyoung Avatar answered Dec 06 '22 02:12

davidgyoung

Security for iBeacon is not interpretable as there is no connection established between the receiver and the iBeacon. An iBeacon is nothing more than a BLE peripheral advertising a special packet. You can read about the details in this SO question: What is the iBeacon Bluetooth Profile

like image 33
allprog Avatar answered Dec 06 '22 01:12

allprog
Sign in to Comment

Related questions

UICollectionView- How to remove spacing above first cell?
Objective-c Check file size from URL without downloading
UICollectionView Using Swift
How to listen for UIReturnKeyType.Next with Swift iOS
Can debug app on device but cannot profile: the app must be signed with a development identity
enumeration values 'NSFetchedResultsChangeMove' and NSFetchedResultsChangeUpdate' not handled in switch
Autocapitalization of words does not work in UITextView
Phonegap / ionic app splash screen are not shown
How to send a localNotification at a specific time everyday, even if that time has passed?
removing white spaces at beginning and end of string
Getting system uptime in iOS/Swift
UICollectionViewScrollPosition not working
Remove special characters from the string
How do you get image file name from UIImagePickerController?
Finding a bug using Xcode - attempt to insert nil value
'Cannot do a comparison query for type: (null)' when setting up UINavigationController
How to show/hide view in Xcode [closed]
Anyway to shorten if ( i == x || i == y)?
Convert GMSVisibleRegion to CLRegion or MKCoordinateRegion
AVAudioplayer not playing

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!