How secure is iBeacon?

iBeacon is a promising new technology. But how safe is it? Bluetooth Low Energy (BLE) can be protected when encryption is enabled. However, this applies only when a connection is established. But the iBeacon infrastructure is not designed for communication between devices. It is even impossible to exchange data through the iBeacon framework (CoreBluetooth should be used for that). iBeacon is able to advertise (data). But are these advertising packets protected or open to the public?

I am missing a more detailed (technical) report on iBeacon.

Another thing that is not very clear: who begins to "speak"? Is it the iBeacon advertising device or the monitoring application/device? Is an advertising iBeacon always advertising?

+4
4 answers

Security is completely up to you.

iBeacons are safe in the sense that they are very simple devices that do nothing but transmit a three-part identifier (and a measured transmitter power). They always advertise unless you go out of your way to stop them.

Anyone can see this identifier, so you better not expect it to be secret! Last week, for example, I went to the Apple store in Washington, DC and used the iBeacon Locate Android app to find out the three-part identifier of the iBeacon near the entrance to the Apple store.

With this information, I then set up my own iBeacon to transmit the same three-part identifier, theoretically allowing me to push offers to applications configured to respond to the Apple iBeacon.

Is this a security issue? Only if you create a system that incorrectly assumes that the iBeacon identifier is secret.

Interestingly, the Apple iOS APIs prohibit scanning of completely unknown iBeacon identifiers (you should at least know the first part of the three-part identifier), offering them to keep this secret. Given that Android and OSX do not offer such a ban, it is best not to expect your iBeacon identifier to remain secret.

+15

Security is not interpreted for iBeacon because no connection is established between the receiver and iBeacon. iBeacon is nothing more than a BLE peripheral advertising a special packet. You can read about the details in this SO question: "What is the iBeacon Bluetooth Profile"

+6
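The first two answers describe the advertisement as an open packet carrying a three-part identifier and a measured power value. As an added example (not code from the original posts), this Python parser decodes that layout from raw advertising bytes; the sample frame and its UUID are constructed for illustration.

```python
import struct
import uuid

APPLE_COMPANY_ID = 0x004C  # Bluetooth SIG company identifier assigned to Apple
IBEACON_TYPE = 0x02        # iBeacon sub-type inside Apple manufacturer data
IBEACON_LEN = 0x15         # 21 bytes follow: UUID(16) + major(2) + minor(2) + power(1)
AD_TYPE_MANUFACTURER = 0xFF

# Constructed sample: flags AD structure, then a manufacturer-specific AD structure.
SAMPLE_ADV = bytes.fromhex(
    "020106"                            # len=2, type=0x01 (flags), value=0x06
    "1aff4c000215"                      # len=26, type=0xFF, Apple, iBeacon header
    "00112233445566778899aabbccddeeff"  # proximity UUID (constructed)
    "0001" "0002"                       # major, minor (big-endian)
    "c5"                                # measured power at 1 m, signed: -59 dBm
)


def parse_ibeacon(adv: bytes):
    """Walk the AD structures in a BLE advertising payload.

    Returns the iBeacon fields as a dict, or None if the payload carries no
    well-formed iBeacon frame. Every field is cleartext: the frame has no
    signature, counter or MAC, so a receiver cannot tell which radio sent it.
    """
    i = 0
    while i < len(adv):
        length = adv[i]
        if length == 0 or i + 1 + length > len(adv):
            return None  # zero padding or truncated structure
        ad_type = adv[i + 1]
        body = adv[i + 2 : i + 1 + length]
        i += 1 + length
        if ad_type != AD_TYPE_MANUFACTURER or len(body) != 25:
            continue
        company, sub_type, sub_len = struct.unpack_from("<HBB", body, 0)
        if (company, sub_type, sub_len) != (APPLE_COMPANY_ID, IBEACON_TYPE, IBEACON_LEN):
            continue
        raw_uuid, major, minor, power = struct.unpack_from(">16sHHb", body, 4)
        return {
            "uuid": str(uuid.UUID(bytes=raw_uuid)),
            "major": major,
            "minor": minor,
            "measured_power_dbm": power,
        }
    return None


if __name__ == "__main__":
    print(parse_ibeacon(SAMPLE_ADV))
```

Because the parsed fields are everything the receiver gets, any trust decision has to come from the application's own back end rather than from the identifier.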

It’s best to think of iBeacon as a special type of road sign. iOS software can detect a traffic sign and read what is printed on it. But everyone can go to the San Diego Zoo, see the sign "San Diego Zoo, Monkey House", make a copy of the sign and put it somewhere in Shanghai near the police station. Therefore, if you are in Shanghai and your San Diego Zoo app is running and tells you that you are entering the monkey house, do not call the police monkeys.

+5

Despite all the attention from the technological world, beacons have not yet gone mainstream, because companies have many security concerns around beacons. Especially with the team that managed to crack the CES 2014 Scavenger Hunt beacon application without even being physically present at the site. Therefore, when it comes to developing applications for proximity solutions, you should include a security model that takes into account common risks, such as device spoofing and man-in-the-middle interception. Another important thing that should be noted is that the compensation mechanism that you use must be consistent with the relevant application. We've put together a checklist on Wafer’s methods for assessing beacon security: http://blog.beaconstac.com/6-myths-around-beacon-security-and-privacy/

+2
