As published this May by researchers from EPFL, CISPA and the University of Oxford, devices relying on standard Bluetooth authentication procedures are vulnerable to impersonation attacks! But don’t worry, Leitwert has you covered 💪.
Our libraries implement TLS-based end-to-end encryption from device to cloud over Bluetooth Low Energy. Your wearables will mutually authenticate with your server using Public Key Infrastructure, after which sensitive health data stays encrypted until it reaches its intended destination.
There is an additional benefit to authenticating directly with the cloud instead of relying on point-to-point authentication between the device and a Bluetooth gateway. Since the device does not have to remember authentications for each gateway, it can roam between an infinite number of gateways. This makes it possible to establish seamless and secure Bluetooth networks covering complete hospitals or research facilities.
You can find more information on how Leitwert contributes to your wearables here.
For the full publication on Bluetooth Impersonation AttackS (BIAS) by D. Antonioli (EPFL), N. O. Tippenhauer (CISPA) and K. Rasmussen (U. of Oxford), please visit francozappa.github.io.