Bluetooth Beacons Study Guide

Bluetooth SIG have updated their Introduction to Bluetooth Beacons. It provides advice and examples how to use beacons from iOS, Android and Raspberry Pi using the respective Bluetooth APIs.

The examples show how to scan for AltBeacon which is unusual because most people will want to scan for iBeacon because AltBeacon is sent by very few beacons. This is less of a problem on Android and Raspberry Pi where slightly modified code can be used. However, on iOS, the suggested APIs won’t work for iBeacon because Apple removes the iBeacon data from the Bluetooth scan response data to force you to use the iBeacon specific APIs which aren’t mentioned in the guide.

SweynTooth and Beacons

New vulnerabilities, called SweynTooth, have recently been found in Bluetooth LE. The problems aren’t in Bluetooth itself but in software development kits (SDKs) provided by some System on a Chip (SoC) manufacturers.

There are three types of problem that can be triggered by sending particular data to Bluetooth devices: crash, deadlock and security bypass. Only some manufacturer’s SDKs are affected and only some of their SoCs models.

Texas Instruments, NXP, Cypress, Dialog Semiconductors, Microchip, STMicroelectronics and Telink Semiconductor SDKs are affected. The main manufacturer used in beacons in beacons and gateways is Nordic so the majority of beacons are not affected. Nevertheless, there are a few beacon models that use Texas Instruments and Dialog Semiconductors SoCs. Of these, very few use the specific affected SoC models.

The only affected devices we stock are the ABKey01, TON9128, TON9118, TON9108 that use the Dialog DA14580 SoC. You should avoid using these in critical scenarios because they can be caused to crash or deadlock. No beacons are vulnerable to the security bypass vulnerability.

As with all security issues, you have to put the possible attacks into perspective. The vulnerabilities are difficult to exploit in practice and it’s usually much easier to steal a beacon or remove its battery to make it inoperable.

The vulnerabilities are of more concern for critical medical devices such as pacemakers and blood glucose monitors.

TON9108 iBeacon Not Longer Being Manufactured

We are sorry to say the Iotton TON9108 is no longer being manufactured. This beacon has been very popular because of its low cost and top build quality. We only ever had one of these beacons returned faulty.

This beacon was particularly popular for large rollouts due to the savings in cost. However, we think the cost might have been it’s eventual weakness as it wasn’t sustainable for the manufacturer. Purchase while you can as we won’t be getting any more in stock.

We are talking with manufacturers to source an alternative, similarly priced, beacon. Watch this space.

Update: The Feasycom FSC-BP103 is our replacement low cost beacon.

Bluetooth Gateway Heartbeats

If you are rolling out many gateways, there comes a time when you start wondering if all of them are working and connected. While it’s possible to write a server side script/code to detect whether or not data has been received from the gateway in the last n seconds/minutes, this doesn’t work when there aren’t any Bluetooth devices in the vicinity of some gateways which won’t be sending payloads.

iGS01S Bluetooth WiFi Gateway

The INGICS gateways have a way of setting up a heartbeat that’s a dummy payload used to indicate a gateway is working and connected. It’s set up by telnet to the gateway and issuing the following command followed by a reboot:

> SYS HEARTBEAT 1
> REBOOT

The ‘1’ signifies every 1 minute and allows setting up to 255 minutes. A $HBRP data payload is to the server in the form:

$HBRP,FECE97089146,FECE97089146,-127,00000000

The heartbeat functionality is available on firmware IGS01-v2.0.0 and IGS01S-v2.0.0 or later.

Waze Beacons in 18Km of Australia Tunnels

We previously mentioned Waze Beacons in Tunnels in New York City. Since then, Waze beacons have been installed in further cities such as Chicago, Paris, Rio, Brussels, Florence and Oslo. The latest installations are by Transurban who manage tunnels in Australia where they have installed over 930 beacons in 18Km of tunnels.

Waze beacons allow uninterrupted location services underground ensuring drivers never miss an in-tunnel exit. They provide navigation underground where GPS doesn’t work.

The beacons advertise Eddystone. The Waze app sees the beacons and uses the known beacon locations rather than GPS. Google is also a partner which allows Google Maps to also see Waze beacons when driving in tunnels.

Bluetooth on Windows

Most Bluetooth development is focussed on Android, iOS and Linux. However, it’s also possible to use Bluetooth on Microsoft Windows.

BluetoothLEExplorer is a free app that allows you to scan for Bluetooth devices and read/write Bluetooth Service Characteristics. If you wish to create your own variant of the app or learn how to use Bluetooth on Windows, the source code for BluetoothLEExplorer is on GitHub.

New Bluetooth Sensors

We have two new sensor beacons in stock. The iBS03TP is a waterproof temperature beacon with a 2m probe measuring -50C to 150C with an accuracy +- 0.5C.

The iBS02M2 measures on/off. This can be a switch or a voltage (0.5v to 50v is ‘on’).

The small PCB with a USB connector plugs into the main unit USB. The terminal block is used connect to anything that provides a switched or voltage output. This makes this beacon suitable for detecting a wide range of on/off scenarios.

Read about Beacon Proximity and Sensing for the Internet of Things (IoT)

Connect to WiFi Using Bluetooth iBeacons

There are a number of solutions and retail situations where beacons are used to connect the smartphone user to WiFi. How does this work?

Beacons only provide a known unique id for a place. An app on the smartphone sees that id and knows, usually via some central database, the WiFi connection settings. The app uses those settings to programmatically set up the WiFi connection.

There’s obviously a chicken and egg situation here as the app needs the WiFi connection (or cellular) to access the central database of beacon ids vs WiFi settings. The mechanism doesn’t work when cellular connections are slow, poor or the user, perhaps a tourist, has turned off roaming to save costs.

For more reliable operation of the mechanism, the app can choose to fetch and cache nearby/popular beacons vs WiFi combinations, ahead of time, when it does have Internet connectivity.

Bluetooth Mesh Succeeds Where Thread Failed

Thread is a low power wireless protocol that competes with Bluetooth Mesh. Particle who develop Thread have made a surprise announcement that they are discontinuing development of Particle Mesh.

Mesh networking, while a compelling technology, is extremely complex, and trying to make it just work with zero configuration for all customers in all environments just wasn’t feasible

Instead, they are going to concentrate on Bluetooth Low Energy support for local communications between devices.

To understand the rationale, take a read of Szymon Slupik’s blog on Crossing the Mesh Chasms. Szymon is the Chair Mesh Working Group at Bluetooth SIG and CEO of Silvair who use Bluetooth Mesh in lighting. In his blog he explains how his company previously tried and failed, 8 years ago, to create a routed, self-healing and IP-based mesh. Bluetooth mesh has none of these because different techniques need to be used in networks that have low bandwidth. Attempting routing, self-healing and ip protocols on top of a limited throughput network causes it to saturate and collapse if there’s any significant network traffic.

Instead, Bluetooth mesh has been designed to send the original message multiple time (default is three) instead of using acknowledgements*. Multiple paths are used instead of self-healing.

As the Thread announcement says, mesh networking is complex. This is as much so for Bluetooth as it is for Thread. The Bluetooth Mesh Specification has over 700 pages. As Szymon says, Bluetooth mesh as a technology is only part of a solution. Bluetooth mesh needs software to configure the mesh for specific usecases and provision/manage nodes.

Read about Beacons and the Bluetooth Mesh

* The mesh standard does allow for acknowledgements but, as has been our experience, using them in real-world scenarios floods the network with too much traffic.