Wireshark Supports Bluetooth Mesh

Wireshark has announced support for the Bluetooth Mesh Beacon, PB-ADV, Provisioning PDU and Proxy Bluetooth mesh protocols.

Wireshark is a protocol analyser that takes captured packets and decodes them into human readable form. It’s usually used with other hardware and software as the last stage in processing captured data. For example, you can use Wireshark with the Nordic nRF Sniffer, on Adafruit hardware and on Linux.

In the case of Bluetooth mesh, data packets are encrypted twice: the application payload is encrypted with the application key (AppKey) at the upper transport layer, and the resulting network PDU is then obfuscated and encrypted with keys derived from the network key (NetKey). This means that, while you can capture packets, without those keys you can only see the packet types and Bluetooth mesh metadata, not the actual data. Sniffing is therefore more useful for determining the type and size of traffic for mesh traffic optimisation.
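To make the point concrete, here is an added example (not code from the original post, nor from Wireshark) of what a passive sniffer can recover from mesh advertising without any keys: the AD type tells you whether a packet is PB-ADV, a Mesh Message or a Mesh Beacon; a Mesh Message exposes only the IVI bit, the 7-bit NID and the packet length, everything else being obfuscated or encrypted under NetKey-derived keys; a Secure Network beacon exposes the network ID and IV index in clear. The two advertising payloads are constructed for the example, not real captures.

```python
# Added example: what a passive BLE sniffer can read from Bluetooth mesh
# advertising without the NetKey/AppKey. Sample payloads below are constructed.

# AD types from the Bluetooth Assigned Numbers for the mesh bearers/beacons
AD_PB_ADV = 0x29        # provisioning bearer (PB-ADV)
AD_MESH_MESSAGE = 0x2A  # network PDU on the advertising bearer
AD_MESH_BEACON = 0x2B   # unprovisioned device / secure network beacons


def parse_ad_structures(payload: bytes):
    """Split a BLE advertising payload into (ad_type, data) pairs."""
    structures = []
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:
            break  # zero-length structure: the rest of the payload is padding
        if i + 1 + length > len(payload):
            raise ValueError("truncated AD structure")
        structures.append((payload[i + 1], payload[i + 2 : i + 1 + length]))
        i += 1 + length
    return structures


def describe_network_pdu(pdu: bytes) -> dict:
    """Fields of a Network PDU visible without the network key.
    Only IVI and NID are in clear; CTL/TTL/SEQ/SRC are obfuscated with the
    PrivacyKey and DST + transport PDU + NetMIC are AES-CCM encrypted with
    the EncryptionKey (both derived from the NetKey via k2)."""
    if len(pdu) < 14:  # 1 + 6 obfuscated + 2 DST + >=1 transport + 4 NetMIC
        raise ValueError("network PDU too short")
    return {
        "kind": "Mesh Message",
        "ivi": pdu[0] >> 7,       # least significant bit of the IV index
        "nid": pdu[0] & 0x7F,     # 7-bit hint of which NetKey was used
        "obfuscated_len": 6,
        "encrypted_len": len(pdu) - 7,
        "total_len": len(pdu),
    }


def describe_mesh_beacon(data: bytes) -> dict:
    """Mesh beacons are not encrypted; the secure network beacon is only authenticated."""
    beacon_type = data[0]
    if beacon_type == 0x00 and len(data) >= 19:
        return {
            "kind": "Unprovisioned Device beacon",
            "device_uuid": data[1:17].hex(),
            "oob_info": int.from_bytes(data[17:19], "big"),
        }
    if beacon_type == 0x01 and len(data) == 22:
        return {
            "kind": "Secure Network beacon",
            "key_refresh": data[1] & 0x01,
            "iv_update": (data[1] >> 1) & 0x01,
            "network_id": data[2:10].hex(),  # k3(NetKey): identifies the subnet
            "iv_index": int.from_bytes(data[10:14], "big"),
            "auth": data[14:22].hex(),       # AES-CMAC under the BeaconKey
        }
    return {"kind": "unknown mesh beacon", "beacon_type": beacon_type}


def sniff(payload: bytes):
    """Return the mesh-related metadata a sniffer sees in one advertising payload."""
    found = []
    for ad_type, data in parse_ad_structures(payload):
        if ad_type == AD_MESH_MESSAGE:
            found.append(describe_network_pdu(data))
        elif ad_type == AD_MESH_BEACON:
            found.append(describe_mesh_beacon(data))
        elif ad_type == AD_PB_ADV:  # Link ID (4) | Transaction Number (1) | PDU
            found.append({"kind": "PB-ADV", "link_id": int.from_bytes(data[0:4], "big"),
                          "transaction": data[4], "total_len": len(data)})
    return found


# Constructed sample payloads (not real captures): a Flags AD followed by a
# 17-byte network PDU, and a Secure Network beacon with a sample network ID.
MESH_MESSAGE_ADV = bytes.fromhex(
    "020106" "122a" "68ca001234abcdef0123456789abcdef90")
SECURE_NETWORK_BEACON_ADV = bytes.fromhex(
    "172b" "01" "00" "3ecaff672f673370" "00000002" "8b8c28512e792d37")

if __name__ == "__main__":
    for adv in (MESH_MESSAGE_ADV, SECURE_NETWORK_BEACON_ADV):
        print(sniff(adv))
```

The useful takeaway for a practitioner is the asymmetry: beacons leak the subnet's network ID and IV index to anyone listening, while a message leaks nothing but its NID and size, which is exactly why sniffing is good for traffic profiling and useless for reading payloads unless you hold the keys.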

Read about Beacons and the Bluetooth Mesh

A Push for Bluetooth 5 Long Range

There’s a push by the Bluetooth SIG at the moment promoting long range Bluetooth (the LE Coded PHY), which arrived with Bluetooth 5, announced in June 2016. This is presumably because, to date, there haven’t been many long range end-user products. There aren’t many devices out there because you need Bluetooth 5 hardware at both ends of the communication and existing devices can’t be upgraded.

Device manufacturers have been waiting for the ‘device at the other end of the communication’ (beacons, sensors, smartphones, single board computers) to become compatible before creating new products using Bluetooth 5, a chicken-and-egg situation. There are also tradeoffs around backwards compatibility and battery power. It’s more complex to create a device that supports Bluetooth 5 and is backwards compatible with Bluetooth 4, and advertising both at the same time uses more power and hence reduces the battery lifetime.

In order to validate Bluetooth 5’s long range claims, Nordic have a new blog post testing long range. The post gives a good explanation of path loss, outside vs inside, and deterioration of the signal due to precipitation, humidity and reflected signals. Nordic also have an older post comparing the range of the BLE, Zigbee and Thread protocols.

Read more about Bluetooth 5

iBeacons for Android, iBeacons for iOS

We often get asked what are the best beacons for iOS and/or Android. As mentioned in our post on Which Beacons Are The Most Compatible, all beacons, whether iBeacon or Eddystone, are compatible with iOS and Android.

The universal compatibility comes about because all beacons are slight variations of a few standard circuit designs and firmware provided by Texas Instruments, Dialog and Nordic, which produce the System on a Chip (SoC) inside beacons.

Instead, you should be looking at physical aspects such as battery size, battery life, range, on/off buttons, waterproofing and included sensors.

View iBeacons

Tesla Model 3 is an iBeacon

There’s an article at The Parallax on how the Tesla Model 3 constantly sends out iBeacon advertising. This allows the Tesla Android/iOS app to see the car and consequently unlock and start it without a key. Martin Herfurt, a security researcher from Austria, claims this is a security and privacy vulnerability.

Tesla’s response has been:

“BLE tracking is something we’ve discussed internally, and we revisited this discussion after receiving your report. However, our current assessment is that randomizing BLE identifiers would not result in significant privacy gains due to the ubiquity of automated license plate readers”

What Tesla is saying is that there are other ways to track cars, so they believe it’s not an issue.

The security researcher can detect cars up to 50m away and said…

“… the range can be easily extended with a directional antenna, possibly to reach up to a mile away”

We would like to know how to ‘easily’ get such a directional antenna as, to our knowledge, no such thing exists. 50m range advertising is just that and can’t be extended significantly by changing the receiver antenna.

However, the Tesla Model 3 being an iBeacon raises the question whether this is a significant privacy concern. Indeed, anything or anyone advertising Bluetooth can turn into a privacy concern. In the article, connected-car security researcher Tim Brom says it can be a concern if you’re a high-value target of any kind or worried about a stalker.

Even when IDs are randomised or rotated, as in the case of Eddystone EID, the mere presence of Bluetooth advertising can reveal the presence of something that needs to be concealed. For example, Wired recently reported that Burglars Really Do Use Bluetooth Scanners to Find Laptops and Phones.

The lesson is that you shouldn’t blindly implement Bluetooth without considering the security and privacy implications and providing mitigations. In the case of Tesla, they could have offered security-conscious users an option to turn off Bluetooth and use a key instead.
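The tracking risk discussed above is easy to demonstrate. The following added example (not code from the original post or from the article it discusses) parses the iBeacon frame carried in a BLE Manufacturer Specific Data structure and correlates sightings from several hypothetical scanning points by the static UUID/major/minor. The sightings, the UUIDs and the scanning locations are all constructed for the example; the second list shows what the same day looks like when the identity rotates per sighting: the trail can no longer be linked, but every sighting still reveals that a beacon was present.

```python
# Added example: why a constant iBeacon identity is a tracking handle.
# The sightings below are constructed, not real captures.
import struct
from collections import defaultdict

APPLE_COMPANY_ID = 0x004C  # appears as "4c 00" on the air (little-endian)


def parse_ibeacon(mfg_data: bytes):
    """Parse the Manufacturer Specific Data (AD type 0xFF) payload of an iBeacon:
    company id (2, LE) | 0x02 | 0x15 | proximity UUID (16) | major (2, BE) |
    minor (2, BE) | measured power at 1 m (1, signed). Returns None otherwise."""
    if len(mfg_data) != 25:
        return None
    (company,) = struct.unpack_from("<H", mfg_data, 0)
    if company != APPLE_COMPANY_ID or mfg_data[2] != 0x02 or mfg_data[3] != 0x15:
        return None
    major, minor, tx_power = struct.unpack_from(">HHb", mfg_data, 20)
    return {"uuid": mfg_data[4:20].hex(), "major": major, "minor": minor,
            "tx_power": tx_power}


def build_trails(sightings):
    """Group (time, place, mfg_data_hex) sightings by iBeacon identity.
    Anything seen at more than one place under the same identity has been tracked."""
    trails = defaultdict(list)
    for when, where, hexdata in sightings:
        frame = parse_ibeacon(bytes.fromhex(hexdata))
        if frame is None:
            continue  # not an iBeacon frame: ignore
        trails[(frame["uuid"], frame["major"], frame["minor"])].append((when, where))
    return dict(trails)


def linkable(trails):
    """Identities observed more than once, i.e. linkable across sightings."""
    return {ident: seen for ident, seen in trails.items() if len(seen) > 1}


# Hypothetical static identity, as a car advertising a fixed UUID/major/minor would.
CAR = "4c000215" + "e2c56db5dffb48d2b060d0f5a71096e0" + "0001" + "0002" + "c5"
OTHER = "4c000215" + "f7826da64fa24e988024bc5b71e0893e" + "0005" + "0006" + "c5"
STATIC_SIGHTINGS = [
    ("08:02", "home street", CAR),
    ("08:41", "office car park", CAR),
    ("12:20", "office car park", OTHER),
    ("18:05", "gym car park", CAR),
    ("18:07", "gym car park", "5900abcd"),  # some other manufacturer's data
]

# The same day with a fresh random UUID per sighting (EID-style rotation):
# nothing links the sightings, but each one still shows a beacon was there.
ROTATING_SIGHTINGS = [
    ("08:02", "home street", "4c000215" + "0" * 31 + "1" + "0001" + "0002" + "c5"),
    ("08:41", "office car park", "4c000215" + "0" * 31 + "2" + "0001" + "0002" + "c5"),
    ("18:05", "gym car park", "4c000215" + "0" * 31 + "3" + "0001" + "0002" + "c5"),
]

if __name__ == "__main__":
    print(linkable(build_trails(STATIC_SIGHTINGS)))   # one identity, three places
    print(linkable(build_trails(ROTATING_SIGHTINGS)))  # nothing linkable
```

Note that the rotating case only defeats linking across sightings; any count of iBeacon frames per location still shows something is parked there, which is the point made above about presence leaking even with randomised identifiers.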

Changing the Battery in the F4 Tracker Beacon

We recently started selling the Minew F4, a quality tracking beacon with an external on/off button, an 85dB buzzer and a range of up to 50m. The battery lasts about 6 months. Minew have a video showing how to change the battery.

There’s a T-Finder app for iOS and Android on the app stores, but the intention is that this beacon will be used with your own apps and solutions via the supplied Android and iOS SDKs.

View Tracker Beacons

iBeacon App Development Companies

There are a large number of offshore development companies currently spamming social media, claiming to do iBeacon development. We recommend you do your due diligence before engaging a developer, as many like to say ‘yes’ to anything and it’s often companies such as ours that have to pick up the pieces.

Here are some things to consider when looking for an iBeacon app developer:

  • Can they give examples of iBeacon apps they have written?
  • Can they give you references to past work who you can talk to?
  • Do they release development versions regularly so you can test and gauge progress? If everything is released at the end, it’s likely you are going to end up disappointed.
  • Who will actually be doing the development? There can be intermediaries in the development ecosystem that confuse and compound communications problems. Right from the start, you need to be talking direct with the person who will be doing the development.
  • Do they really understand you? Many aren’t native English speakers and if you are getting misunderstandings during initial engagement, this doesn’t bode well for the development.
  • Have they provided constructive comments on your proposed app rather than just saying ‘yes’? Developers should be able to improve on your ideas so as to get the best out of iOS and Android.
  • Getting iBeacon apps through Apple approval can be difficult. Can they give you examples why and the possible mitigations?

App development is an area where cheapest isn’t usually the best. Compromised development will cost you in the longer term through late or aborted development, tricky problems, significant end user support, poor app reviews and difficulty adapting the apps in the future for future phones and new features.

Beaconzone was founded by app developers in 2015 after we had previously created several iBeacon art gallery apps. We have since written many more iBeacon and Bluetooth LE apps on iOS and Android.
Read about beaconzone.solutions

What’s Wrong with Bluetooth Mesh?

Researchers from TU Darmstadt, Germany have a new paper Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept that looks into weaknesses in the security model underlying the Bluetooth mesh friendship mechanism.

Friendship allows a low-power IoT device to go to sleep while a separate, higher-power node caches packets until the low-power device wakes up. The paper provides an overview of friendship and the Friendship Security Material (FSM) unique to this type of communication.

The researchers found three flaws in the Bluetooth friendship mechanism related to:

  • The possibility of eavesdropping on communication and selectively jamming based on the size of the control messages.
  • The lack of protection of the friend security keys against an insider attack.
  • The possibility of misuse of Friend Clear messages to cause a form of denial of service attack through flattening the battery.

The paper includes a reference to tools that demonstrate these problems and discusses possible mitigations.

The Bluetooth SIG responded:

Compromise of the friendship relationship results only in a compromise of the availability of the low power node to the other nodes in the subnet.

It is the conclusion of the working group that the friendship relationship between an LPN and its friend within a mesh subnet is not intended to be secured against attack by a party already in possession of the network key.

It is the position of the Mesh Working Group and the Bluetooth SIG that neither scenario provides additional security risk for a user of the Mesh profile.

In other words, the risks are appropriate to the level to which the mesh is expected to be used or attacked.

We have yet to come across any devices using friendship. Friendship is an edge case that isn’t required in most instances. Also, most existing low power devices can’t be upgraded to use mesh due to the higher memory requirement of Bluetooth Mesh.

Read about Beacons and the Bluetooth Mesh

nRF Connect Features

Nordic, the manufacturer of the System on a Chip (SoC) in most beacons, has a new blog post on Five Things You Didn’t Know About Nordic’s Mobile Development Apps. The post mentions less visible features of nRF Connect on iOS and Android. For example, you can get a useful RSSI graph by dragging the screen towards the right from the centre.

nRF Connect is the main app we recommend for testing beacons. iOS recently received a completely new version. nRF Connect also has macros that can speed up testing.

Battery Power Use When Advertising Multiple Bluetooth LE Channels

Most beacons can transmit more than one type of advertising, for example iBeacon, Eddystone and sensor data. In practice, no beacon can send more than one kind of data simultaneously. Instead, they send the different data sequentially, one transmission very shortly (milliseconds) after the other. Many manufacturers describe this as sending data on different channels, which shouldn’t be confused with the different Bluetooth LE frequency channels used to reduce the effects of wireless interference.

Some devices such as Minew and Sato can send 6 channels that can include iBeacon, Eddystone UID, Eddystone URL, Eddystone TLM, sensor, acceleration and device info:

Sato setup: Channel types are shown at the bottom

Transmitting one type of data takes of the order of 1 millisecond (ms) per advertising interval, which is configurable from 100ms to 10s. It’s during the transmission that the majority of the battery power is used, with the beacon sleeping between transmissions. The following oscilloscope trace shows the current drawn from the battery, over time, with one channel configured.

Care should be taken to configure only those types of data that are required. If you configure more than one channel then there’s a corresponding, almost linear, increase in use of battery power for every extra channel.

Bluetooth 5 Range Tests

Unseen Tech has a recent whitepaper on Bluetooth 5 range. It describes some tests that were performed to assess Bluetooth 5 to see the improvements in range compared to Bluetooth 4’s typical 30m to 100m. The tests used development boards from Texas Instruments and Nordic that, used outside, achieved about 650m and 750m respectively.

While some companies are claiming Bluetooth 5 support in products, many don’t actually use Bluetooth 5 yet but instead offer an upgrade path to Bluetooth 5. Others do offer Bluetooth 5 but fall back to Bluetooth 4 when communicating with Bluetooth 4 devices (e.g. smartphones), which are still the large majority of devices.

There are also some ultra long range Bluetooth 4 devices that include output power amplifiers and can achieve ranges of hundreds of metres, and we have one USB-powered beacon that reaches up to 4km.