anelok: revisiting Bluetooth, the limits of one stop shopping

Werner Almesberger werner at almesberger.net
Fri Nov 22 00:35:54 EST 2013


802.15.4 has always been the "if you can't be with the one you
love, love the one you're with" kind of solution. So it makes
sense to look at the alternatives from time to time, to see if
anything has changed in the field.

Ron sent me a few pointers to Bluegiga BT modules, triggering
one of these scans. First, let's look at the Bluegiga products:

- Bluegiga are kinda cute and sourceable, but they also rely on
  Windows-based development tools for putting applications into
  their modules. The price tag is also significant, with 1000
  units starting at USD 13.65 (BLE113).

  For comparison, all the major components of Anelok (excluding
  the PCB itself, case, etc., but including 802.15.4 transceiver,
  balun, and PCB antenna), together cost around USD 15 at 1000
  units.

  Of course, having BT would make the RF (802.15.4) dongle
  optional, so even such an expensive module would be about
  neutral if we look at the cost of the entire system.

  Still, the closed development tools aren't nice. There are also
  some discouraging things on their forum, like "problems loading
  the licensing key into the module" that suggest that more
  trouble awaits the ones taking that road.

- Ron also found out that Bluegiga use CSR and more recently TI
  CC254x chips. Now CSR does not sound too good, but the TI
  CC2xxx are fairly popular.

The problem with most of the available BT solutions, especially
if they're modules (and not chips), is that they tend to have some
proprietary firmware that is either completely closed or at least
not easily modified (even if there's an SDK, there may be
restrictions on redistribution, the SDK will be closed-source,
and so on).

To avoid this, one would have to go one level below: just get a
chip that takes care of the physical layer (aether to bits) and
maybe also the link layer (bits to packets) but then do the rest
in the firmware.

Among other things, that also has the potential benefit of moving
the local end of the protection of any encryption that happens on
the radio link into the MCU. So any snooping on that interface
would be defeated. This may not be the most likely place where an
attack may occur, but today's far-fetched hypothetical weakness
may very well become the exploit in tomorrow's headline news.

Next: why we don't need to use the machete just yet.

- Werner
