Reputation: 21
Few questions regarding AltBeacon (Android beacon tech in general)
I was looking at the AltBeacon library, and am planning on using it. But before doing that, I have few questions in general (more theoretical in nature). If someone can help me understand, it would be great.
a) Is there a way to make sure that the AltBeacon advertisement is UNIQUE. In a sense that, no one else can by mistake not be using the same UUID, major and minor Ids in their beacon. Because if that happens, our application run a risk of identifying another company's beacon and malfunction and also vice-versa.
b) As far as I am aware, any device with BLE enabled can scan and get the codes of any beacon in surrounding. This exposes beacon's UUID, Major ID, Minor ID, RSSI etc which poses security risks to the application owners like say, someone else's app working on my beacons (hijacking of sorts), modifying the entire Beacon advertisement codes, etc.
So, I wish to know is there any solution (workarounds) to these available right now in AltBeacon spec and library itself? Or are they in queue? I am not sure, whether this is something that can be done at the library level itself, or Android level or may be Bluetooth LE specification needs to incorporate these. I know Apple and some other companies have rolled out their security features like restricting scanning to your own beacons, rotating Beacon IDs etc. Is there something of this sort there or planned on AltBeacon end as well?
Upvotes: 2
Views: 604
Answers (2)
Reputation: 11
Please be advised that this is always the case. A beacon in the Apple Universe is a location service. Alt beacon is essentially based on this, so it has the same limitations. The Beacon ID is not and will never be a secure identifier. Anyone can copy a Beacon ID. There is no handshake, there is no cryptography.
Actually apple mobile devices are trying to hide beacons that you are not scanning for. But Android does not. Even if Android does start to hide the ID's there will always be some other means to receive the Bluetooth signal and read the ID. So "hiding" is obviously not a solution.
There are a couple ways to overcome this Hijacking attack vector. There are beacons that do change their UUID, Major, Minor by changing these at given intervals (ie. once a day) that is only predictible if you know an initial mutual secret. The same principle is used with hardware Secure Tokens (ie. "RSA SecurID"). But as far as I know there are no beacons out in the wild that are sold with this feature.
So unfortunately there are no readily available solutions for this right now in the AltBeacon spec and/or any other manufacturer or library (also not for iBeacon).
Upvotes: 1
Reputation: 402
My experience in working with beacons for last few months says that the broadcasting of the advertisement packet (uuid, maj, min) is a specification followed by most of the beacon(ibeacon) and yes it can be detected by apps (other than your own) if Beacon layout matches - check - Is this the correct layout to detect iBeacons with AltBeacon's Android Beacon Library?
On the other hand you can restrict your app by setting custom region that can be configured to detect beacon(s) only with certain uuid/maj/min, discarding any other beacon that doesnot match region. Here is a description on how to use the Region Altbeacon Region class
Hope you find it useful.
Upvotes: 0
Related Questions
- Altbeacon library not able to find/trace transmitting beacon near device
- AltBeacon Beacon creation App
- Do turning bluetooth on with Android makes it a beacon?
- How does a Bluetooth beacon work with an app?
- Android Beacon Library - correct use of BluetoothMedic?
- Using AltBeacon as a Wrapper For BLE Scanning/Connections
- Questions about android-beacon-library's scan-period
- Alt Beacon Android unstable
- Android One as beacon transmitter
- How do I find ANY beacon using the AltBeacon android reference library?