user12824511

Reputation: 1

serial_number_string blocked on web bluetooth (BLE) - avoid blocklist

I need to get the serial number of my BLE device. For this I currently access the device_information service and then get the characteristic serial_number_string / 0x2A25. However, I get a console error saying that this UUID is blocked.

On the WebBluetoothCG I found the blocklisted characteristics, which also lists the serial number. Is there any way to bypass the blocklist?

My code looks like this:

```javascript
const deviceInfoService = await device.value?.gatt?.getPrimaryService('device_information')
const deviceInfoCharacteristics = await deviceInfoService?.getCharacteristic(0x2a25) // serial_number_string
```

In the same service I can read the characteristics for the firmware, manufacturer, hardware and model name.

Upvotes: 0

Views: 152

Answers (1)

nondebug

Reputation: 1011

The serial number string characteristic is blocked for privacy reasons. The serial number identifier can be used for active fingerprinting and usually can't be modified by the user.

```
# org.bluetooth.characteristic.serial_number_string
# Block access to standardized unique identifiers, for privacy reasons.
00002a25-0000-1000-8000-00805f9b34fb
```

https://github.com/WebBluetoothCG/registries/blob/228b62c31c177c9b770b79896aec9ef660f62216/gatt_blocklist.txt#L53

There's some additional context in https://crbug.com/532930#c17:

Blacklisting the Serial Number String is probably the right call: it's a standardized way to get a unique identifier, and we're blocking addresses to avoid trivially identifying devices. Devices can still stash an ID in any custom GATT field, but we don't want them to do it accidentally.

Device identification is important, despite the privacy risk. Applications need to be able to distinguish devices when two devices of the same type are connected. Applications should also be able to recognize when they have reconnected to a device that was previously connected. Blocking access to device identifiers like the device address or serial number makes this difficult.

BluetoothDevice exposes an id attribute that aims to solve these issues while preserving user privacy. The id attribute is unique for a specific Bluetooth device, user profile, and host. Clearing permissions also clears stored id attributes, causing a new identifier to be created the next time the device is connected.

Upvotes: 0
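One way to apply the answer above, as an added example that is not part of the original question or answer: read the Device Information fields the browser allows, leave out the blocklisted serial number, and recognise a returning device by `BluetoothDevice.id`. The names `describeDevice` and `DeviceRegistry` are hypothetical, and `device` is assumed to be a `BluetoothDevice` obtained from `navigator.bluetooth.requestDevice()` with access to `device_information`.

```javascript
// Added example, not from the original post. The blocklisted UUID is the one
// quoted in the answer; the 16-bit aliases are the standard GATT assignments.
const BLOCKLISTED = new Set(['00002a25-0000-1000-8000-00805f9b34fb']);
const BASE_SUFFIX = '-0000-1000-8000-00805f9b34fb';

// Expand a numeric 16-bit alias such as 0x2a25 to the 128-bit blocklist form.
function canonicalUUID(alias) {
  if (typeof alias === 'string') return alias.toLowerCase();
  return alias.toString(16).padStart(8, '0') + BASE_SUFFIX;
}

const INFO_CHARACTERISTICS = {
  manufacturer: 0x2a29, // manufacturer_name_string
  model: 0x2a24,        // model_number_string
  serial: 0x2a25,       // serial_number_string (blocklisted)
  firmware: 0x2a26,     // firmware_revision_string
  hardware: 0x2a27,     // hardware_revision_string
};

// Read the readable Device Information fields and key the result by device.id.
async function describeDevice(device) {
  const server = await device.gatt.connect();
  const service = await server.getPrimaryService('device_information');
  const info = { id: device.id, skipped: [] };
  for (const [name, alias] of Object.entries(INFO_CHARACTERISTICS)) {
    if (BLOCKLISTED.has(canonicalUUID(alias))) { info.skipped.push(name); continue; }
    try {
      const value = await (await service.getCharacteristic(alias)).readValue();
      info[name] = new TextDecoder().decode(value);
    } catch (err) {
      // SecurityError: blocked by the browser; NotFoundError: not on this device.
      if (err.name !== 'SecurityError' && err.name !== 'NotFoundError') throw err;
      info.skipped.push(name);
    }
  }
  return info;
}

// Tell devices apart and spot reconnects using BluetoothDevice.id only.
class DeviceRegistry {
  constructor() { this.known = new Map(); }
  remember(info) {
    const seenBefore = this.known.has(info.id);
    this.known.set(info.id, info);
    return seenBefore; // true when this id was already registered
  }
}
```

Because clearing site permissions issues a new `id`, a registry like this should treat an unknown `id` as a new device rather than as an error.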
