#StackBounty: #bluetooth Bluetooth Low Energy – Relationship between PINs and man-in-the-middle attacks

Bounty: 50

In the Bluetooth core document, there are various Association Models, I’m trying to understand Numeric Comparison, where both devices are capable of showing a six-digit number (which I will call the PIN, although apparently they don’t like that terminology).

The paragraph in section 5.2.4.1 of v4.2 says this:

The numeric comparison serves two purposes. First, since many devices do not have unique names, it provides confirmation to the user that the correct devices are connected with each other. Second, the numeric comparison provides protection against MITM attacks

I definitely understand the user confirmation part, but how does the PIN help guard against MitM?

I think the answer lies in this paragraph:

In the Numeric Comparison
association model, the six digit number is an artifact of the security algorithm
and not an input to it, as is the case in the Bluetooth security model

but I have no idea what that means.


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.