I am experimenting with a Raspberry Pi as an IoT device and trying to understand the BLE concept.
The scenario is that the IoT device can be used to open doors or access lifts (I've seen this in hotels). I'm not clear on how the design of the BLE interaction works and how to identify the mobile device (Android/iPhone).
So first, can the IoT device use BLE to autopair/autoconnect to an Android / iPhone without any passcode? The reason for asking is that if it's possible, then we could possibly do some data exchanges to authenticate the mobile device. Otherwise, how is the mobile BLE device identified (both Android & iPhone)?
There are a few different pairing methods including
The proper selection of these options depends on the IO capabilities of each device. Per the Bluetooth Core Spec (v5.4):
So if the Raspberry Pi is accessing a door or something with no straightforward IO, you are stuck with using Just Works per the NoInput NoOutput Responder row, unless there is an out-of-band method for authenticating. It sounds like OOB is not relevant to you, meaning some message exchanges after connecting would be necessary.
If you simply want to identify the device without authentication, this is done through the advertising data of the peripheral (e.g. a door lock). Often a peripheral's advertising data includes a Local Name or a UUID that announces itself and allows the central (e.g. Raspberry Pi) to scan and identify it. But something like a door lock would require an application level exchange after connecting in order to securely interact with it.
If you want to understand advertising and connections, check out the LightBlue or nRF Connect apps. They scan for peripherals and can connect to them. I also wrote a blog post to help on-ramp someone new to BLE to understanding advertising and connections.
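The answer above says a door lock needs an application-level exchange after connecting. One possible shape for that exchange is a nonce challenge answered with an HMAC, sketched here as an added example that is not part of the original answer. It assumes each phone received a 32-byte key at enrollment; `Lock`, `respond`, the device ID and the 10-second window are hypothetical, and the BLE transport (characteristic writes and notifications) is left out.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
MAX_AGE_S = 10.0  # assumed freshness window for a challenge


class Lock:
    """Lock side (e.g. the Raspberry Pi driving the door)."""

    def __init__(self, enrolled):
        self.enrolled = enrolled      # device_id -> 32-byte key from enrollment
        self.pending = {}             # device_id -> (nonce, issued_at)

    def challenge(self, device_id, now):
        # A fresh random nonce per attempt is what defeats replay.
        nonce = secrets.token_bytes(NONCE_LEN)
        self.pending[device_id] = (nonce, now)
        return nonce

    def verify(self, device_id, tag, now):
        # pop() makes every challenge single-use, pass or fail.
        nonce, issued = self.pending.pop(device_id, (None, 0.0))
        key = self.enrolled.get(device_id)
        if nonce is None or key is None or now - issued > MAX_AGE_S:
            return False
        expected = respond(key, device_id, nonce)
        return hmac.compare_digest(expected, tag)  # constant-time compare


def respond(key, device_id, nonce):
    """Phone side: prove possession of the key without sending it."""
    msg = device_id.encode() + b"|" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


def demo():
    key = secrets.token_bytes(32)               # constructed sample key
    lock = Lock({"phone-01": key})
    n1 = lock.challenge("phone-01", now=0.0)
    tag = respond(key, "phone-01", n1)
    ok = lock.verify("phone-01", tag, now=1.0)
    replay = lock.verify("phone-01", tag, now=2.0)      # challenge already used
    lock.challenge("phone-01", now=3.0)
    old_tag = lock.verify("phone-01", tag, now=4.0)     # old tag, new nonce
    n3 = lock.challenge("phone-01", now=5.0)
    late = lock.verify("phone-01", respond(key, "phone-01", n3), now=20.0)
    return ok, replay, old_tag, late
```

The key never crosses the link, so a device that only observes or replays traffic fails `verify`, which matters because Just Works pairing does not authenticate the peer.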