Just Works Bluetooth Pairing

Mar, 01 2022

In Bluetooth, connecting and pairing are not the same. Simply connecting (without a bond) to a device implies a short-term, one-off connection between devices, while pairing, or establishing a bond, implies that the peripheral device should be trusted and will be available for future connections. Pairing prompts the exchange of security keys with the device and opens the option of encrypting that connection.

When a connection is re-established with a device that is not paired, there is a period of 2-way communication between devices as the connection is encrypted.

This is considered insecure as it invites the possibility of a Man In The Middle (MITM) attack. A malicious device could listen to the back-and-forth handshake that occurs on every reconnection event and intercept the connection information, taking over the peripheral.

If you configure your peripheral device to enable bonding, the bond information is stored in non-volatile memory. It can then be referenced each time the connection is re-established, skipping the back-and-forth handshake that non-bonded devices require.

There is a great answer on Stack Overflow that goes into more detail on these nuances.

There are a few different pairing methods to choose from when developing your Bluetooth device, and they depend on what level of user interaction your peripheral device has available to it. Luckily for us, there is an option called "just works", which assumes that your peripheral has no input/output capability (such as a keyboard or display). It should be noted that this is the least secure option, but it allows us to benefit from the advantages of bonding with minimal user input.
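
As an added illustration (not code from the original post or from any Bluetooth stack), the sketch below reproduces how the Security Manager in the Bluetooth Core Specification maps the two devices' IO capabilities to an LE pairing method, with out-of-band pairing left out. The names `select_method` and `mitm_protected` are ours; the point is that a peripheral declaring no input and no output always lands on Just Works, whatever the central can do.

```c
#include <stdbool.h>
#include <stdio.h>

/* SMP IO capability values carried in the Pairing Request/Response. */
enum io_cap { DISPLAY_ONLY, DISPLAY_YESNO, KEYBOARD_ONLY,
              NO_INPUT_NO_OUTPUT, KEYBOARD_DISPLAY };
enum method { JUST_WORKS, PASSKEY_ENTRY, NUMERIC_COMPARISON };

static bool has_keyboard(enum io_cap c)
{ return c == KEYBOARD_ONLY || c == KEYBOARD_DISPLAY; }

/* Can show a number and take a yes/no answer (needed for comparison). */
static bool can_confirm(enum io_cap c)
{ return c == DISPLAY_YESNO || c == KEYBOARD_DISPLAY; }

/* Illustrative helper (our name): pairing method two LE devices arrive at,
 * out-of-band pairing ignored. mitm_requested: either side set the MITM flag.
 * secure_conn: both sides support LE Secure Connections. */
enum method select_method(enum io_cap initiator, enum io_cap responder,
                          bool mitm_requested, bool secure_conn)
{
    if (!mitm_requested)              /* IO capabilities are ignored */
        return JUST_WORKS;
    if (initiator == NO_INPUT_NO_OUTPUT || responder == NO_INPUT_NO_OUTPUT)
        return JUST_WORKS;            /* nothing to show or type on one side */
    if (secure_conn && can_confirm(initiator) && can_confirm(responder))
        return NUMERIC_COMPARISON;
    if (has_keyboard(initiator) || has_keyboard(responder))
        return PASSKEY_ENTRY;
    return JUST_WORKS;                /* no keyboard to enter a passkey */
}

/* Just Works yields an unauthenticated key: encrypted, no MITM protection. */
bool mitm_protected(enum method m) { return m != JUST_WORKS; }

int main(void)
{
    static const char *cap[] = { "DisplayOnly", "DisplayYesNo", "KeyboardOnly",
                                 "NoInputNoOutput", "KeyboardDisplay" };
    static const char *name[] = { "Just Works", "Passkey Entry",
                                  "Numeric Comparison" };
    /* Peripheral from the article: no input, no output, any central. */
    for (int c = DISPLAY_ONLY; c <= KEYBOARD_DISPLAY; c++) {
        enum method m = select_method((enum io_cap)c, NO_INPUT_NO_OUTPUT, true, true);
        printf("%-16s central -> %s (MITM protected: %s)\n", cap[c], name[m],
               mitm_protected(m) ? "yes" : "no");
    }
    return 0;
}
```

Changing the second argument in `main` to another capability shows which pairings a peripheral with a display or keypad would negotiate instead.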