
registries's People

Contributors

agl, beaufortfrancois, chengweih001, jyasskin, mrnerdhair, reillyeon


registries's Issues

Make blacklist more specific

Sometimes there are collisions between blacklisted Service UUIDs and non-blacklisted Characteristic UUIDs, which results in missing features for Web Bluetooth. For example, the FIDO Service (0xfffd) is blacklisted; Playbulb uses that UUID for one of its characteristics, which means we can't use the characteristic on Playbulb.
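The collision described in this issue is what happens when a blocklist is keyed on the UUID alone. The following is an added example, not the registry's own file format or Chrome's implementation: a blocklist checker keyed on the pair (UUID, attribute kind), so that a UUID blocked as a service does not also block a characteristic or descriptor that reuses the same 16-bit value. The `<uuid> <kind>` entry syntax and the sample entries are assumptions made for the example; the 16-bit-to-128-bit expansion uses the standard Bluetooth SIG base UUID.

```javascript
// Added example: a GATT blocklist check keyed on (UUID, attribute kind).
// Illustrative only; the "<uuid> <kind>" line format is an assumption, not
// the registry's real format.

const BT_BASE_SUFFIX = '-0000-1000-8000-00805f9b34fb';

// Expand a 16- or 32-bit alias (0xfffd, "fffd", "0000fffd") to the canonical
// 128-bit form using the Bluetooth SIG base UUID. Full UUIDs are lower-cased
// and validated; anything else is rejected rather than silently passed through.
function canonicalUuid(value) {
  if (typeof value === 'number') {
    if (!Number.isInteger(value) || value < 0 || value > 0xffffffff) {
      throw new TypeError(`alias out of range: ${value}`);
    }
    return value.toString(16).padStart(8, '0') + BT_BASE_SUFFIX;
  }
  const s = String(value).trim().toLowerCase();
  if (/^(0x)?[0-9a-f]{4}$/.test(s) || /^(0x)?[0-9a-f]{8}$/.test(s)) {
    return canonicalUuid(parseInt(s, 16));
  }
  if (/^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/.test(s)) {
    return s;
  }
  throw new TypeError(`not a UUID or alias: ${value}`);
}

const KINDS = new Set(['service', 'characteristic', 'descriptor']);

// Parse a blocklist where each non-comment line is "<uuid> <kind>".
// Returns Map<kind, Set<canonical uuid>>. Malformed lines are an error:
// a blocklist that silently drops entries fails open.
function parseBlocklist(text) {
  const byKind = new Map([...KINDS].map(k => [k, new Set()]));
  for (const raw of text.split('\n')) {
    const line = raw.replace(/#.*$/, '').trim();
    if (!line) continue;
    const [uuid, kind] = line.split(/\s+/);
    if (!KINDS.has(kind)) throw new Error(`bad blocklist line: ${raw}`);
    byKind.get(kind).add(canonicalUuid(uuid));
  }
  return byKind;
}

// The check itself: a UUID is blocked only for the kind it was listed under.
function isBlocked(blocklist, uuid, kind) {
  if (!KINDS.has(kind)) throw new TypeError(`unknown attribute kind: ${kind}`);
  return blocklist.get(kind).has(canonicalUuid(uuid));
}

// Constructed sample, not the registry's real list: FIDO blocked as a
// service, the CCCD blocked as a descriptor, nothing blocked as a characteristic.
const SAMPLE_BLOCKLIST = `
# uuid kind
0xfffd service        # FIDO
2902 descriptor       # client_characteristic_configuration
00001530-1212-efde-1523-785feabcd123 service  # Nordic DFU
`;

const BLOCKLIST = parseBlocklist(SAMPLE_BLOCKLIST);
```

With this keying, `isBlocked(BLOCKLIST, 0xfffd, 'service')` is true while `isBlocked(BLOCKLIST, 0xfffd, 'characteristic')` is false, which is exactly the distinction the Playbulb case needs.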

Consider blocklisting of client_characteristic_configuration (00002902-0000-1000-8000-00805f9b34fb)

When trying to connect to a Polar H6 heart-beat measurement device, the recommended standard procedure failed.

In the Polar reference implementation for Android we can see that the descriptor needs to be modified (search for BluetoothGattDescriptor.ENABLE_NOTIFICATION_VALUE in the example Android code).

In summary, WebBluetooth blocks what the manufacturer recommends. This clearly limits the value of WebBluetooth.

Blacklist Nordic DFU service

00001530-1212-efde-1523-785feabcd123
The latest version, v11, of the nRF5 SDK doesn't support checking signatures of transferred firmware images. That introduces what I think is an unacceptable risk of users being phished to update their devices to malicious firmware. There's some experimental support, for manufacturers who go looking for it, but it's undocumented, and I don't expect enough to adopt it to justify the risk to everyone else.

Let's discuss here if there are any mitigations I've missed that would argue against blacklisting.

Sensible Blacklisting practices?

I'm currently developing a product which I'm hoping will be used heavily with Web Bluetooth.

I had planned on updating firmware over BLE (obviously allowing any device to update firmware was insecure, so it would have needed physical access to the device to have put it into bootloader mode). Unfortunately I've just found out that this is now blocked because it might be insecure on some devices and I'll have to wait for a new bootloader version from Nordic.

I already own maybe 10 devices that implement DFU, and on these it was done in a sensible way that wouldn't have been a security problem. These can no longer be updated by Web Bluetooth. There are probably over 100,000 devices like this out there that can no longer be updated.

It's even more worrying as I was on the cc list of the emails about getting Web Bluetooth and OTA updates working, and yet even then I had no idea this was now blocked until a few days ago.

I also use the Nordic UART UUIDs for a UART service, so that I can be compatible with existing apps that use the service.

My worry is that at some point in the future, a manufacturer is going to do something dodgy like make a pacemaker with a Nordic UART UUID (which, let's face it, is quite likely) and then you will feel compelled to block that UUID in Web Bluetooth, breaking it for everyone who is using that service (it's not just me; Adafruit use it on their BLE products and apps, as do many others).

Or what if someone cloned a legitimate product's UUID, and allowed someone to do something dangerous with it. Are you then going to block even the legitimate product?

How can we ensure this doesn't happen, or that people are notified if it is about to happen?

Can we have a flag, or a black-whitelist that allows certain URLs to keep using the blacklisted UUIDs if their product depends on it?

If any manufacturer can have their product remotely disabled at any time without notice, it's going to be hard to convince anyone to invest the time to use Web Bluetooth for anything serious.

WebBluetooth Daydream Controller

Some months ago https://mrdoob.github.io/daydream-controller.js/ stopped working.

After a long day investigating these are my findings:

  1. It's likely this started after a firmware update.
  2. After that update characteristicvaluechanged no longer fires.
  3. We now need to request notifications by setting the value of descriptor 00002902-0000-1000-8000-00805f9b34fb to new Uint8Array( [ 1 ] ). Source.
  4. We can't do that because 00002902-0000-1000-8000-00805f9b34fb is blocklisted in this repo 😞

Was that blocklisting specifically for the Daydream Controller, or was it a side effect?
Is there a chrome flag to disable the blocklisting so I can use the controller for prototyping?

Blacklist the TI Over-the-Air Download service

Like the Nordic DFU service (#7), TI's update service also doesn't require signatures by default. The CC254x version of it appears to have support for encrypting the image with a symmetric key that would be embedded in all copies of the firmware, but that's missing from the CC26xx version.

This UUID is f000ffc0-0451-4000-b000-000000000000.

Problem on Windows 10 and Devices with HID service

Hi, I am building a website with Web Bluetooth right now.

I have this problem that the device I want to connect to has many services, one of them being the blocked HID service. Somehow I am not able to connect to any other service/characteristic from that device.

Is that a bug or is it meant to be that way?

When I browse the same website on my Android phone via Chrome I can connect to that device and the non-blocked services.

It took a while to get to the bottom of this: I am emulating the BLE device with and without the HID service, and when the HID service is disabled it does work fine via Chrome on Windows 10.

I hope I was clear enough.

Thanks for any answers.
