Bluetooth: Inform privacy risk of using signed writes.

The Cordio stack uses a single CSRK. It can be used by a malicious device to track the Mbed OS application if signed writes are used. Signed-off-by: Vincent Coubard <vincent.coubard@arm.com>
2022-05-06 13:44:33 +01:00 · 2022-05-06 13:44:33 +01:00 · c34640495f
parent f2c9c60eb3
commit c34640495f
1 changed files with 16 additions and 0 deletions
--- a/connectivity/FEATURE_BLE/README.md
+++ b/connectivity/FEATURE_BLE/README.md
@ -8,3 +8,19 @@ This is the Github repository for the `BLE_API`. Please see the [Mbed OS Example
 * [Mbed OS example BLE GitHub repo](https://github.com/ARMmbed/mbed-os-example-ble) for all Mbed OS BLE examples.
 * [Mbed OS BLE introduction](https://os.mbed.com/docs/latest/apis/ble.html) for an introduction to Mbed BLE.
 * [Mbed OS BLE API page](https://os.mbed.com/docs/latest/apis/bluetooth.html) for the Mbed BLE API documentation.
+
+## Privacy notice
+
+The Cordio Bluetooth stack only stores one single signing key. This key is then 
+shared across all bonded devices. If a malicious device bonds with the Mbed OS 
+application it then gains knowledge of the shared signing key of the Mbed OS device. 
+The malicious device can then track the Mbed OS device whenever a signing write 
+is issued from it. 
+
+To overcome this privacy issue do not issue signed writes from the Mbed OS device.
+A signed write occurs when the member function `write` of `GattClient` is called 
+with its `cmd` argument set to `GATT_OP_SIGNED_WRITE_CMD`.
+
+Instead of using signed writes, enable encryption on the connection. This is achieved
+ by calling the function `setLinkEncryption` of the `SecurityManager`. Set the encryption 
+to at least `ENCRYPTED`.