Bluetooth and C# PC -> Cellphone connection without paring

2
votes

I'm trying to write simple app, which sends short text message to cellphones in bluetooth adapter range.

My first try is sending files: I can send file from PC to cellphone, but i must enter PIN on cellphone, and on PC.

I would rather to send text messages (something like push message) - is it possible to send it without paring devices?

If isn't possible to send push messages, maybe I can send simple file without requesting PIN ?

I use 32feet library.

Sample code (used to send files to selected device)

static int BTSendFile(string adres, string FileName)                            
        {
            Uri uri = new Uri("obex://" + adres + '/' + Path.GetFileName(FileName));
            ObexWebRequest req = new ObexWebRequest(uri);

            req.ReadFile(FileName);

            ObexWebResponse rsp = (ObexWebResponse)req.GetResponse();

            return (int)rsp.StatusCode;

        }
2
c#bluetooth32feet
I'm not an expert in Bluetooth technology but I doubt you can do it without pairing. If it was possible, that would be a great security breach. Maybe you should look at see if you can send and ignore the PIN on the sender's side or use a default PIN. That would let the user on the phone just accept with PIN or not.Nick.T
FWIW...I have never come across any BT device that does not require pairing...as this would be a security flaw in the devices and would greatly increase the likeliness that a hacker could access the device without you knowing. However, pairing on some devices is easier because the device tells you what the pairing number it. For example, when I pair my SatNav with my phone, it tells me that the key for the SatNav is 1234.Matthew Layton
Thanks for quick reply, my fears will confirmed :(iskrzycki

2 Answers

0
votes

A quick answer would be; NO, you will ALWAYS need some kind of pairing.

But if you take a look at the different kinds of pairing out there, you would see that BT 2.1 supports Secure Simple Pairing (SSP) with the Just Works-mode. This allows you to pair devices (almost) without any user interaction. From Wikipedia:

Just works: As implied by the name, this method just works. No user interaction is required; however, a device may prompt the user to confirm the pairing process. This method is typically used by headsets with very limited IO capabilities, and is more secure than the fixed PIN mechanism which is typically used for legacy pairing by this set of limited devices. This method provides no man in the middle protection.

However, since "This method is typically used by headsets with very limited IO capabilities", it would probably not apply to the cellphones you are talking about, but I thought you should know :)

0
votes

According to the offical Bluetooth Message Access Profile, i.e. the specific Bluetooth profile that deals with accessing SMS/MMS systems on phones via a remote device:

'The MCE device shall use the services of the MSE device only after successfully creating a secure connection. This includes exchanging of security initialization messages, creation of link keys, and enabling encryption'

From: https://developer.bluetooth.org/TechnologyOverview/Pages/MAP.aspx

There is also a link to the full spec there if you are interested.

This certtainly suggests that secure pairing is required, which I'd assume to involve the passkey. My experience is that once a device has been paired a connection can be made without repeating the pairing as long as that pairing is remembered by the devices (i.e. I've paired a device once and not had to do it again). As to simpler, non-keyed pairing mentioned by khellang above, I've not seen anything about this - if it is purely for devices like headsets then the security requirements may be lower due to their not likely wanting write access to a device?