Secure BLE connection - is it possible?

I am trying to create a BLE device that is actually steam safe. As far as I know, transport encryption (using AES) is safe in all versions of BLE, after exchanging the "Long Term Key".

BLE 4.1

BLE 4.1 and earlier use symmetric cryptography, and the access key (PIN) is only 6 digits, so it is trivial to passively eavesdrop on pairing, enumerate the passkey and get the LTK from this. This seems to have been unsafe by design because it was believed that low-power BLE devices would not have enough energy to perform asymmetric cryptography.

BLE 4.2

BLE 4.2 adds Secure Connections. This, apparently, is also broken, and it was still broken in 2008 when the same pairing method was used in Bluetooth 2.1!! It does not completely break pairing, only the passkey entry method, and you will only learn the passkey, not the LTK. But this allows the attacker to carry out a MitM attack if the passkey is not changed for each pairing attempt.

Out of band pairing

An out of band pairing method would be a great choice; then I could use a QR code or something like that. However, there are no public APIs to access the OOB method on Android or iOS. Android supports OOB pairing via NFC, but iOS does not.

, - , .

:

  • Bluetooth SIG BLE 4.2, 6 ?

  • BLE, ? , . GATT?

+4
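As an added example (not part of the original post), this sketch reads a captured SMP Pairing Request/Response pair and reports which of the pairing generations and methods discussed above was actually negotiated, following the AuthReq, OOB flag and IO-capability rules of the Bluetooth Core Specification. The function names and the sample PDUs are constructed for illustration.

```python
# Added example: classify a BLE pairing from the two 7-byte SMP PDUs.
# PDU layout: code, IO capability, OOB flag, AuthReq, max key size,
# initiator key distribution, responder key distribution.
DISPLAY_YESNO, KEYBOARD_ONLY, NO_IO, KEYBOARD_DISPLAY = 0x01, 0x02, 0x03, 0x04

def parse_pairing_pdu(pdu: bytes) -> dict:
    """Parse an SMP Pairing Request (0x01) or Pairing Response (0x02)."""
    if len(pdu) != 7 or pdu[0] not in (0x01, 0x02):
        raise ValueError("not an SMP Pairing Request/Response")
    _, io_cap, oob, auth_req, max_key, _, _ = pdu
    if io_cap > 0x04:
        raise ValueError("reserved IO capability value")
    return {"io": io_cap, "oob": oob == 0x01,
            "mitm": bool(auth_req & 0x04),   # AuthReq bit 2
            "sc": bool(auth_req & 0x08),     # AuthReq bit 3
            "max_key": max_key}

def classify(req: bytes, rsp: bytes) -> tuple:
    """Return (generation, association model, negotiated key size)."""
    a, b = parse_pairing_pdu(req), parse_pairing_pdu(rsp)
    sc = a["sc"] and b["sc"]          # Secure Connections needs both sides
    generation = "LE Secure Connections" if sc else "LE legacy pairing"
    ios = {a["io"], b["io"]}
    # OOB: either side suffices with SC, both sides needed for legacy.
    use_oob = (a["oob"] or b["oob"]) if sc else (a["oob"] and b["oob"])
    if use_oob:
        method = "Out of Band"
    elif not (a["mitm"] or b["mitm"]) or NO_IO in ios:
        method = "Just Works"         # unauthenticated, no MitM protection
    elif ios <= {DISPLAY_YESNO, KEYBOARD_DISPLAY}:
        if sc:
            method = "Numeric Comparison"
        else:
            method = "Passkey Entry" if KEYBOARD_DISPLAY in ios else "Just Works"
    elif ios & {KEYBOARD_ONLY, KEYBOARD_DISPLAY}:
        method = "Passkey Entry"
    else:
        method = "Just Works"
    return generation, method, min(a["max_key"], b["max_key"])

# Constructed sample PDUs (not taken from a real capture).
LEGACY_REQ = bytes([0x01, KEYBOARD_DISPLAY, 0x00, 0x05, 16, 0x07, 0x07])
LEGACY_RSP = bytes([0x02, 0x00, 0x00, 0x05, 16, 0x07, 0x07])  # DisplayOnly
SC_REQ = bytes([0x01, KEYBOARD_DISPLAY, 0x00, 0x0D, 16, 0x07, 0x07])
SC_RSP = bytes([0x02, DISPLAY_YESNO, 0x00, 0x0D, 16, 0x07, 0x07])
SC_NOIO_RSP = bytes([0x02, NO_IO, 0x00, 0x0D, 16, 0x07, 0x07])

if __name__ == "__main__":
    for req, rsp in ((LEGACY_REQ, LEGACY_RSP), (SC_REQ, SC_RSP), (SC_REQ, SC_NOIO_RSP)):
        print(classify(req, rsp))
```

A result of "LE legacy pairing" or "Just Works" in a capture means the link did not get the protection the post is asking for, whatever the peripheral advertises.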
