Beacons for Kiosks

We previously wrote about the requirements for using beacons in vending machines.  There’s a new thought provoking article on Kiosk Marketplace on Are kiosks ready for today’s exciting digital technologies?

The article talks about using beacons to promote consumer interaction, track customer shopping patterns and offer rewards but stops short of providing some scenarios and explaining some of the technical possibilities.

Imagine approaching a kiosk and it automatically knowing who you are and providing one touch (or zero touch) vending of your favourite drink or snack. You are billed automatically and you accrue loyalty points. For the merchandiser, think about extra things you could do (or know) if you could target your top customers and offer them frictionless service. These things are possible using beacons.

Depending on what you need to do, the beacon can be in the kiosk or (or and) with the user. If it’s with the user it can be a physical beacon or an app advertising as a beacon. Some scenarios need more functionality or security than is provided with just Bluetooth advertising. In these cases, it’s possible to connect to the beacon via Bluetooth GATT to store or view data.

If you need more help then view our articles or consider a feasibility study.

Man-in-the-Middle Attacks on Beacons

There’s an interesting BtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework on GitHub. It allows you to listen in on the Bluetooth GATT communication that goes on when an app connects to a beacon.

The majority of, scanning-type, apps don’t tend to connect via GATT and only read the advertising data that’s available to anyone. Connection usually only happens when configuring beacons or in advanced scenarios where the apps needs to read sensor or battery data. Some custom platforms’ apps also connect to beacons to perform platform related things such as remote setup, security or other such things specific to the platform.

The availability of a Man-in-the-Middle framework presents a security threat. The likelihood depends on the scenario. In the case of most beacons, the main GATT connection activity is one-off beacon setup by an administrator. In these cases the beacon communication interception is very unlikely.

The larger problem might be with platforms’ apps that connect to beacons where GATT connections happen regularly via users (platform apps) and not under control of an administrator. The implications of the communications data being able to be eavesdropped obviously depends on what’s being communicated. That being said, most current non-Beacon Man-in-the-Middle (WiFi) attacks usually have financial motivations. It’s difficult to think up beacon attacks that might lead to financial gain for the attackers. Nevertheless, if you work with such a system that regularly connects to beacons via GATT, you might like to think about the consequences of data and metadata (what’s being changed) eavesdropping.

A more positive use of BtleJuice might be to discover and reverse engineer Bluetooth GATT Services. As mentioned in a previous article, some of our beacon manufacturers haven’t documented their Bluetooth Service Characteristics. This means that while they are ok for scanning/proximity type applications, you can’t write your own app to, for example, change programatically the UUID, major and minor and must rely on the manufacturer’s configuration app or, in the case of the Sensoro beacon, their SDK. While this of no consequence for the majority of uses, more ambitious scenarios might want directly access the Bluetooth GATT services. BtleJuice provides a new way to reverse engineer those Bluetooth GATT Services.

GATT Connections and Battery Life

Our battery use power testing uncovered some cases where the battery current use during advertising was such that the battery would last longer than manufacturer specification. What was going on?

After contacting the manufacturers, it turned out that some of them include a degree of configuration activity in their battery life estimates. If you only measure the current during advertising then you haven’t taken into account the extra current used during configuration. Configuration via manufacturer apps connects to the beacon via Bluetooth GATT. GATT connections consume significantly more power. For one off configuration this will be negligible but if you are in the habit of repeatedly changing the beacon configuration then the battery life will be impacted.

The same goes for platforms/apps that periodically connect to beacons to read, change or monitor beacon parameters. The battery won’t last as long. It’s also for this reason, it’s preferable to read sensor beacon sensor data in advertising data rather than via GATT when this is supported by the beacon and your scenario can cope will less frequently reported data.

nRF Connect Now Has Macros

The Nordic nRF Connect app (formerly known as nRF Master Control Panel) allows you to manipulate beacons directly at the Bluetooth GATT Service/Characteristic level. It works with all beacons, not just those containing Nordic SoCs. There’s also a version for iOS. The app is particularly good at recognising known Bluetooth profiles and giving them useful human descriptions rather than leaving the Bluetooth Services as numbers.

The Android version of the app has recently been updated to support macros:


This means that if you are configuring lots of beacons, it’s now much less tedious, quicker and less error prone if you record and replay a macro setting all your desired Service/Characteristic settings.