I am trying to implement BLE automation in my organisation and would like to understand the following things.

  1. Some BLE devices get paired (such as the Philips HUE lamp), and some devices don't pair but use login (encryption) as a security layer, such as the GE smart bulb. Is pairing/login (encryption) mandatory to communicate with the devices and do read/write operations? My understanding is that, whatever the device, only 'connect' is mandatory and the security layer (such as pairing) is an add-on.

  2. If I would like to test along with the security layer, are there any tools available, such as bluetoothctl, which take care of the security layer as well, such as passing the session key/security key for subsequent read/write BLE operations?

Thanks.

-Santhoshkumar M

santhosh kumar

1 Answer

To answer your questions:-

1- You are right, connection is mandatory for communication while pairing is not. However, pairing has many advantages such as securing the connection and aiding in future device discoverability. Have a look at the links below for more information:-

2- You can use bluetoothctl itself to do the pairing/bonding for you. If you don't want to manually intervene in the pairing process yourself then you might have to set up an automated process or write some shell scripts to take care of this for you. The whole idea of the pairing process is to prevent attacks which is why manual security entry is always preferred to the automated one. Have a look at the links below for more information on pairing using bluetoothctl:-

I hope this helps.

Youssif Saeed
  • Thanks for all the information. Since I am going to test only the BLE chip, should I test using connect and read/write, bypassing the security? Because different peripheral (to which I am going to pair BLE) vendors have different security protocols, as I mentioned in the question. Thanks again. – santhosh kumar Jun 23 '20 at 13:17
  • If you want your device to work with a wide range of BLE peripherals then my recommendation is that you test for all possible scenarios. – Youssif Saeed Jun 24 '20 at 07:46
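
The distinction drawn in the answer between a bare connection and a paired one can be checked mechanically before an automated test performs reads or writes. The following is an added example, not part of the original answer or comments: POSIX shell functions that classify the link from the text printed by `bluetoothctl info` and refuse to continue if the link is weaker than the test expects. It assumes the `Paired:` and `Connected:` lines of that output; the device address and name are constructed, and `run_encrypted_tests` is a hypothetical test entry point.

```shell
#!/bin/sh
# Added example: gate BLE test steps on the link state reported by bluetoothctl.

# Constructed sample of `bluetoothctl info <addr>` output (made-up address and name).
SAMPLE_INFO='Device AA:BB:CC:DD:EE:FF (public)
	Name: Test Lamp
	Paired: no
	Trusted: no
	Connected: yes'

# Print the value of one field (e.g. Paired, Connected) from info text on stdin.
info_field() {
    awk -F': ' -v key="$1" '
        { sub(/^[ \t]+/, "", $1) }      # drop the leading tab before the key
        $1 == key { print $2; exit }'
}

# Classify the link: none (not connected), connected (unpaired link), paired.
link_state() {
    ls_connected=$(printf '%s\n' "$1" | info_field Connected)
    ls_paired=$(printf '%s\n' "$1" | info_field Paired)
    if [ "$ls_connected" != "yes" ]; then
        echo none
    elif [ "$ls_paired" = "yes" ]; then
        echo paired
    else
        echo connected
    fi
}

# usage: require_state <connected|paired> "<info text>"
# Succeeds only if the link is at least as strong as the test requires.
require_state() {
    rs_have=$(link_state "$2")
    case "$1:$rs_have" in
        connected:connected|connected:paired|paired:paired) return 0 ;;
        *) echo "link state is '$rs_have', test needs '$1'" >&2; return 1 ;;
    esac
}

# Live use (needs BlueZ and a real device address in $ADDR):
#   info=$(bluetoothctl info "$ADDR")
#   require_state paired "$info" && run_encrypted_tests   # hypothetical function
```

This only reports the pairing state that BlueZ knows about; a vendor-specific login performed over GATT, as described in the question, is not visible in this output.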