Web Bluetooth Updates

Web Bluetooth, the mechanism by which web sites can access Bluetooth devices, has been updated to make it easier for end users.

The main changes are two new experimental function calls, getDevices() and watchAdvertisements(). Previously, permission prompts were a pain point when using the Web Bluetooth API, with users having to OK the permission prompt on every visit to the site. This is especially troublesome when there are many Bluetooth devices, as permission has to be granted one device at a time. The Bluetooth.getDevices() method returns a list of the Bluetooth devices that the user has already granted access to. The Bluetooth.watchAdvertisements() function allows observing when a device is in range and broadcasting advertisement packets.

Being experimental, these new features are currently hidden behind Chrome flags:

The APIs are behind the chrome://flags/#enable-experimental-web-platform-features chrome flag and persistent device permissions are behind the chrome://flags/#enable-web-bluetooth-new-permissions-backend flag that exposes the Bluetooth devices a device is allowed to access.

There is more information on the getDevices() Chrome flag and documentation.
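An added example (not code from the original post or from Chrome's documentation) showing the two calls used together: it feature-detects the experimental API, watches only the previously granted devices the page still expects, and can stop all watches at once. In Chrome's implementation watchAdvertisements() is called on each BluetoothDevice that getDevices() returns; the names watchGrantedDevices and expectedIds, and passing the bluetooth object in as a parameter, are assumptions of this example.

```javascript
// Added example. In a browser, call: watchGrantedDevices(navigator.bluetooth, console.log)
// `bluetooth` is a parameter (assumption) so the logic can be exercised against a stub.
async function watchGrantedDevices(bluetooth, onAdvert, expectedIds = null) {
  // Both calls are experimental and flag-gated: detect them rather than assume them.
  if (!bluetooth || typeof bluetooth.getDevices !== 'function') {
    return { supported: false, watching: [], skipped: [] };
  }
  const controller = new AbortController();
  const watching = [];
  const skipped = [];
  // getDevices() returns devices granted on earlier visits, with no new prompt.
  for (const device of await bluetooth.getDevices()) {
    // Grants persist across visits, so watch only the devices this page still expects.
    const expected = !expectedIds || expectedIds.has(device.id);
    if (!expected || typeof device.watchAdvertisements !== 'function') {
      skipped.push(device.id);
      continue;
    }
    device.addEventListener('advertisementreceived', (event) => {
      onAdvert({ id: event.device.id, name: event.device.name, rssi: event.rssi });
    }, { signal: controller.signal });
    await device.watchAdvertisements({ signal: controller.signal });
    watching.push(device.id);
  }
  // stop() aborts every watch and removes every listener registered above.
  return { supported: true, watching, skipped, stop: () => controller.abort() };
}
```
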

Nordic Semiconductor APPROTECT Compromised

LimitedResults have published details of how they have been able to access what were previously presumed to be protected Nordic Semiconductor nRF52 devices. nRF52 devices are regularly used in beacons and other Bluetooth devices such as fitness trackers. This post summarises the vulnerability, and looks at LimitedResults’ claims, Nordic Semiconductor’s response and how that affects those using such devices.

Nordic nRF52 System on a Chip (SoC) devices are small Arm® Cortex™-M4 CPU computers running software. The software is flashed into the devices and authors usually apply what’s called APPROTECT to prevent the software from being read back and the debug port from being used for examining data. The software read back lock is to prevent the software being copied onto non-sanctioned devices or for decompilation to obtain algorithms that might be considered intellectual property (IP). Examining data via the debug port allows access to passwords or data that might be considered to be confidential.

LimitedResults have cleverly managed to disrupt the running of the SoC by removing some circuit capacitors and producing a very short pulse on the power line. This allows bypassing of the APPROTECT, subsequent use of the debug port to control code execution, extraction of the code and ultimately disabling the APPROTECT mechanism. LimitedResults say:

Due to its low-complexity, this attack on the nRF52840 can be reproduced on the field easily

Nordic Semiconductor responded today with an Informational Notice that describes the problem and concludes:

The nRF52-series of SoCs, like many standard microcontroller circuits, are not hardened against fault injection techniques

This puts the onus on companies using the nRF52 to only use it for non-critical uses where a security breach has negligible consequences OR to only use it where it’s known that physical access, required to perform such security breaches, is unlikely or impossible to occur.

What does this mean for users? This affects nRF52-based product owners in that binary code can’t now be considered safe from copying or examination. While this sounds concerning, anyone wishing to take advantage of the vulnerability needs a very high level of skill. Despite LimitedResults saying it can be “reproduced on the field easily”, the ‘easily’ part is contentious. Producing a power spike isn’t easy. Analysing extracted binary code and data also requires a high level of skill. We can’t think of any uses of the nRF52 where it would be worth the effort.

When it comes to the end users, there could be uses, particularly in healthcare, where a vulnerability might be a concern. For example, Nordic devices have been used in heart rate monitors. However, the vulnerability requires removal of components from the circuit board and physically attaching wires to the inside of such devices. With today’s surface mount based PCB designs, it’s difficult to do this in the lab let alone on a user’s device.

As with all security issues, you have to put possible attacks into perspective. The vulnerabilities are difficult to exploit and not worth the effort in most cases. The security of the nRF52 is suitable for the kind of data collection tasks for which it tends to be used.

It’s in security-critical areas such as healthcare and finance that such vulnerabilities need to be taken more seriously. As with some microcontrollers used in finance, extra physical (impossible to get to the circuit) and/or software (self-destruct) protections need to be put in place.

Rail Technology iBeacon Charging System

The April/May issue of Rail Technology Magazine mentions a new train passenger phone charging system that uses iBeacon:

The system, created by EAO, uses iBeacon to automatically open train operators’ apps on the passengers’ smartphones. Passenger apps can provide tailored passenger information such as smart ticketing, trolley service requests and deliver targeted marketing messages.

Read about Beacons in Transportation

How Social Distancing Wearables Work

We have had people ask how social distancing beacons such as distance bands differ from ordinary beacons. Normally, beacons send out (called advertising) Bluetooth signals that are received (called scanning) by apps on smartphones or Bluetooth gateways:

There’s no actual connection taking place. One side is repeatedly sending while the other is listening.

For social distancing, the beacons advertise AND scan:

Each beacon is repeatedly sending out an id and listening for others. Again, no connection takes place. When a beacon receives scan data, it also sees the signal strength, which can be used to infer the distance and hence whether the remote beacon is within the social distancing distance.

Beacons can store the id, signal strength and time. This can be extracted later via connection from another device such as a smartphone or gateway.

Read about Beacons for Workplace Social Distancing and Contact Tracing

Q1 2020 Wireless Q Magazine Available

Nordic, the manufacturer of the System on a Chip (SoC) in many beacons, has published the latest issue of Wireless Quarter Magazine. It showcases the many uses of Nordic SoCs.

In the magazine you can find lots of new products using the same technology found in Bluetooth beacons:

  • Citizen Watch’s solar powered watch
  • Sphero RVR programmable robot
  • F5 Sports smart baseball
  • A wearable canine activity tracker that monitors pet exercise
  • An equine monitoring solution helping farmers monitor horses’ health

OmnIoT SoftHub for Bluetooth Solutions

OmnIoT SoftHub is a way of creating IoT edge applications quickly without any programming. It runs on Raspberry Pi hardware (2, 3, 4, or Zero/W) and detects iBeacon, AltBeacon, and Eddystone beacons ‘out of the box’. The authors have told us they are interested in integrating other Bluetooth sensor types.

The platform allows sending of data to many 3rd party MQTT brokers. It logs data to internal or attached storage and can also decode data into a variety of data formats. Thresholds can be created to cause events, for example, sending alarm emails or SMS messages direct from the platform itself.

It’s free for personal use and one-off company projects. It only needs to be licensed if you are going to re-sell it as part of a solution.

For more information, read the FAQ and explore the YouTube channel.

The Case for Social Distancing

Around the world, governments are advocating social distancing. Companies such as ourselves are offering tech-based solutions to warn about close contacts as they happen. However, what is a safe distance?

Governments seem to recommend arbitrary distances, for example, China (1m), France (1m), Singapore (1m) through Australia (1.5m), Germany (1.5m), Greece (1.5m), Netherlands (1.5m) up to the United Kingdom (2m), Spain (2m) and Canada (2m). Countries are providing inconsistent guidelines. What do the various distances actually imply in terms of reducing the risk?

The Lancet has just published a paper, “Physical distancing, face masks, and eye protection to prevent person-to-person transmission of SARS-CoV-2 and COVID-19: a systematic review and meta-analysis”, that’s effectively research on research. It provides a summary of 172 observational studies across 16 countries and six continents on common respiratory viruses.

The risk of being infected is estimated to be 13% at less than 1m. Every extra metre of distance reduces the risk by half. 1m provides for a large reduction in infection but 2m is a much safer distance. 1.5m is a pragmatic option, especially if other factors can be combined such as limiting the length of exposure, use of face protection or other contextual considerations. Neither distance, reducing length of exposure nor face masks provide complete protection from infection.

For tech-based solutions it’s important to be able to fine tune the distance to governments’ advice and contextual considerations. It’s also important to be able to measure the length of exposure and filter out exposures that are so short as to pose negligible risk.

Read about Distance Bands for Workplace Social Distancing and Contact Tracing

Bluetooth Social Distancing Beacon in Stock

We now have the M52-ST social distancing beacon in stock.

The beacon LED flashes when two people wearing this beacon come close to one another. Each beacon stores up to 34,304 close contacts that can be extracted using the supplied iOS and Android app.

The app also allows setting of the time two people have to be together, the alarm type (LED and/or sound) and a whitelist of up to 45 devices. The transmit power and signal strength trigger value can also be changed to fine tune the trigger distance for different physical situations.
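The contact logic described in “How Social Distancing Wearables Work” and in the settings above, as an added example that is not the M52-ST firmware or the vendor's code: scan sightings (id, signal strength, time) are turned into stored close contacts using a signal strength trigger, a minimum time together and a whitelist. All values, the gapSeconds setting and the function name closeContacts are assumptions of this example.

```javascript
// Added example. Constructed settings modelled on the options the post lists.
const SETTINGS = {
  rssiTrigger: -65,            // dBm; a sighting at or above this counts as "close"
  minSeconds: 60,              // time two wearers must stay close before it is stored
  gapSeconds: 10,              // assumption: a longer silence ends the current contact
  whitelist: new Set(['B7']),  // ids that are never logged
};

// Constructed scan data: one sighting every 5 s for each remote beacon.
const run = (id, rssi, from, to) =>
  Array.from({ length: (to - from) / 5 + 1 }, (_, i) => ({ id, rssi, t: from + 5 * i }));
const SIGHTINGS = [
  ...run('A1', -60, 0, 90),    // close for 90 s: stored
  ...run('C3', -58, 0, 20),    // close for only 20 s: filtered out as too short
  ...run('B7', -50, 0, 120),   // whitelisted: ignored
  ...run('D4', -80, 0, 100),   // weaker than the trigger: too far away
  ...run('A1', -62, 300, 400), // A1 returns later: a second, separate contact
];

function closeContacts(sightings, cfg) {
  const open = new Map();      // id -> { start, last, peak } for contacts in progress
  const contacts = [];
  const finish = (id) => {
    const c = open.get(id);
    open.delete(id);
    const seconds = c.last - c.start;
    if (seconds >= cfg.minSeconds) {
      contacts.push({ id, start: c.start, seconds, peakRssi: c.peak });
    }
  };
  for (const s of [...sightings].sort((a, b) => a.t - b.t)) {
    if (cfg.whitelist.has(s.id)) continue;
    const prev = open.get(s.id);
    const lapsed = prev && s.t - prev.last > cfg.gapSeconds;
    if (prev && (lapsed || s.rssi < cfg.rssiTrigger)) finish(s.id);
    if (s.rssi < cfg.rssiTrigger) continue;
    const cur = open.get(s.id);
    if (cur) { cur.last = s.t; cur.peak = Math.max(cur.peak, s.rssi); }
    else open.set(s.id, { start: s.t, last: s.t, peak: s.rssi });
  }
  for (const id of [...open.keys()]) finish(id);  // close whatever is still open
  return contacts;
}
```
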

Node Beacon Scanner

If you are developing using Node, there’s a Node.js module, node-beacon-scanner, that allows you to scan Bluetooth beacon packets and parse the packet data.

While Node tends to be associated with Linux, servers and hence web sites, Node can also be used on small single board computers such as the Raspberry Pi. Hence, this module provides an easy way to scan for Beacons and other Bluetooth devices.

The module supports iBeacon and Eddystone and outputs the MAC address, local name, transmit power level, RSSI and the iBeacon/Eddystone specific attributes.
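To show what parsing the packet data involves, here is an added example that decodes the iBeacon and Eddystone-UID payloads with strict length and header checks. It is not node-beacon-scanner's code or API; the function names, the shape of the `ad` object and the sample bytes are assumptions constructed for illustration.

```javascript
// Added example. Advertising data is unauthenticated input: check every length and
// header byte before reading a field.

// iBeacon manufacturer data: 4C 00 | 02 15 | UUID(16) | major(2) | minor(2) | txPower(1)
function parseIBeacon(mfg) {
  if (!Buffer.isBuffer(mfg) || mfg.length < 25) return null;
  if (mfg.readUInt16LE(0) !== 0x004c) return null;       // Apple company identifier
  if (mfg[2] !== 0x02 || mfg[3] !== 0x15) return null;   // iBeacon type, 21-byte payload
  const h = mfg.subarray(4, 20).toString('hex').toUpperCase();
  return {
    uuid: [h.slice(0, 8), h.slice(8, 12), h.slice(12, 16), h.slice(16, 20), h.slice(20)].join('-'),
    major: mfg.readUInt16BE(20),
    minor: mfg.readUInt16BE(22),
    txPower: mfg.readInt8(24),                           // calibrated RSSI at 1 m, signed
  };
}

// Eddystone-UID service data (service UUID 0xFEAA): 00 | txPower | namespace(10) | instance(6)
function parseEddystoneUid(svc) {
  if (!Buffer.isBuffer(svc) || svc.length < 18 || svc[0] !== 0x00) return null;
  return {
    txPower: svc.readInt8(1),                            // calibrated at 0 m, signed
    namespace: svc.subarray(2, 12).toString('hex'),
    instance: svc.subarray(12, 18).toString('hex'),
  };
}

// `ad` shape is hypothetical: { manufacturerData: Buffer, serviceData: { feaa: Buffer } }
function parseAdvertisement(ad) {
  const ib = parseIBeacon(ad.manufacturerData);
  if (ib) return { type: 'iBeacon', ...ib };
  const uid = parseEddystoneUid(ad.serviceData && ad.serviceData.feaa);
  if (uid) return { type: 'eddystoneUid', ...uid };
  return null;                                           // not a beacon format handled here
}

// Constructed sample payloads, not captured from a real device.
const SAMPLE_IBEACON = Buffer.from(
  '4c000215' + 'e2c56db5dffb48d2b060d0f5a71096e0' + '00010002' + 'c5', 'hex');
const SAMPLE_UID = Buffer.from(
  '00' + 'ee' + '00112233445566778899' + 'aabbccddeeff' + '0000', 'hex');
```
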