Kontakt.io Secure Profile Overcoming 'BLESA' Bluetooth Security Flaw

23 September 2020

In recent days, we have learned of the emergence of two potential security vulnerabilities affecting devices using the Bluetooth Low Energy (BLE) protocol. Let us assure you right up front that Kontakt.io devices are not exposed to these issues for reasons we'll get to in a moment. We want to share this news since it is of obvious relevance to the world of location-based technology given the huge role that BLE plays in it.

The first security issue is being referred to as BLESA (Bluetooth Low Energy Spoofing Attack). It takes advantage of a lack of key verification when devices reconnect after an existing connection has been broken. This flaw makes it possible to impersonate an already paired device and reconnect without additional key verification.

The other security threat is called BLURtooth and affects devices that support both BLE and BR/EDR. The problem here centers on the role of keys in the pairing process and could also result in spoofed devices.

It's important to stress that both of these vulnerabilities were discovered by academics given the task of probing BLE connections for weaknesses and not by bad actors who successfully exploited them. Patches and updates are expected to address the issues soon, although successfully rolling them out to billions of devices will be a challenge.

Here's why Kontakt.io customers can rest easy. Our devices do not use the pairing process. Our proprietary protocol manages communication differently and provides complete data security. Kontakt.io provides secure end-to-end communications between gateways and devices and uses shuffling of identifiers and addresses at regular intervals. This results in extra protection from man-in-the-middle attacks, device hijacking, piggybacking, cracking and theft of device memory.

Even before these current issues with BLE, we were in the process of completing Kontakt.io Secure Profile 2.0 for even more robust secure communication.

These security measures are part of a larger range of services that come with Kontakt.io Device Management. In addition to protecting your deployment against security threats, you can easily manage devices at scale, create alerts so you can address issues as they arise and simplify maintenance through virtual representations of all your beacons on a map.


Aneta Ciurkot

Director, Product Marketing
