iBeacon的安全性如何？ [英] How secure is iBeacon?

问题描述

iBeacon是一项很有前途的新技术。但它有多安全？启用加密后，蓝牙低功耗（BLE）可以是安全的。但是，这只是建立通信时的情况。但iBeacon框架并不意味着允许设备之间的通信。它甚至不可能通过iBeacon框架进行通信（然后应该使用CoreBluetooth）。 iBeacon只能进行广告（数据）。但这些广告包是否已被保护或是否公开？

iBeacon is a promising new technology. But how secure is it? Bluetooth Low Energy (BLE) can be secure when encryption is enabled. However, this is only the case when communication is established. But the iBeacon framework isn't meant to allow communication between devices. It even isn't possible to communicate through the iBeacon framework (CoreBluetooth should then be used). An iBeacon is only capable of advertising (data). But are those advertising packets secured or are these open for public?

我错过了关于iBeacon的更详细（技术）报告。

I am missing a more detailed (technical) report on iBeacon.

另一件不太清楚的事情是：谁开始说话？是广告iBeacon设备还是监控应用程序/设备。广告iBeacon设备是否一直在做广告？

Another thing which isn't very clear: who starts 'talking'? Is it the advertising iBeacon device or the monitoring application/device. Is an advertising iBeacon device always advertising?

推荐答案

安全完全取决于你。

iBeacons是安全的，因为它们是非常简单的设备，除了传输3部分标识符（和发射机功率测量）之外什么都不做。除非你竭尽全力阻止他们，否则他们总是做广告。

iBeacons are secure in the sense that they are very simple devices that do nothing but transmit a 3 part identifier (and a transmitter power measurement). They are always advertising unless you go out of your way to stop them.

任何人都可以看到这个标识符，所以你最好不要指望它保密！例如上周，我去了华盛顿特区的Apple商店并使用我的Android iBeacon定位应用程序，找出Apple商店入口附近的iBeacon的三部分标识符。

Anybody can see this identifier, so you had better not expect to keep it secret! Last week for example, I went to the Washington, DC Apple store and used my Android iBeacon Locate app to find out the three part identifier of the iBeacon near the entrance to Apple's store.

有了这些信息，我就配置了我的拥有iBeacon来传输完全相同的树部件标识符，从理论上讲，我可以将优惠推送到配置为响应Apple的iBeacon的应用程序。

With this info, I then configured my own iBeacon to transmit the very same tree part identifier, theoretically enabling me to push offers to apps configured to respond to Apple's iBeacon.

这是安全问题吗？仅当您设计的系统错误地假定iBeacon标识符是秘密的时。

Is this a security problem? Only if you design a system that incorrectly assumes the an iBeacon identifier is secret.

有趣的是，Apple的iOS API禁止扫描完全未知的iBeacon标识符（您必须至少知道三部分标识符中的第一个），这表明他们希望保持这种保密性。鉴于Android和OSX不提供此类禁止，最好不要指望您的iBeacon标识符保密。

Interestingly, Apple's iOS APIs forbid scanning for completely unknown iBeacon identifiers (you must at least know the first of the three part identifier), suggesting they want to maintain this secrecy. Given that Android and OSX offer no such prohibition, it is best not to expect your iBeacon identifier remain secret.

这篇关于iBeacon的安全性如何？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！