EH-MA41 User Guide
5.1.6. MM — Query or configure Man-In-The-Middle protection feature
5.1.6.1. Description:
This command queries or configures the Man-In-The-Middle protection feature of the Bluetooth module. Once configured,
the setting takes effect immediately and remains in force until the module is next configured with this command. The
Bluetooth module stores the configuration, so it is not lost even if the module has been powered off.
If the parameter is omitted, the Bluetooth module reports the current configuration with the indicator MM.
5.1.6.2. Syntax:
Synopsis:
AT+MM[=State]<CR><LF>
5.1.6.3. Parameter Description:
| Parameter | Description | Mandatory | Comments |
|-----------|-------------|-----------|----------|
| State | The new state of Man-In-The-Middle protection. Value: 00h or 02h. 00: Deactivated; 01: Activated; 02: Activated and auto confirm the numeric comparison. Default: 02 (Activated and auto confirm) | O | The default value may be different per software version. |
Notes:
1. A man-in-the-middle (MITM) attack occurs when a user wants to connect two devices but, instead of connecting
directly with each other, they unknowingly connect to a third (attacking) device that plays the role of the device they
are attempting to pair with. The third device then relays information between the two devices, giving the illusion that
they are directly connected. The attacking device may even eavesdrop on communication between the two devices
(known as active eavesdropping) and is able to insert and modify information on the connection. In this type of
attack, all of the information exchanged between the two devices is compromised, and the attacker may inject
commands and information into each of the devices, thus potentially damaging the function of the devices. Devices
falling victim to the attack are capable of communicating only when the attacker is present. If the attacker is not
active or is out of range, the two victim devices will not be able to communicate directly with each other and the user
will notice it.
2. To prevent MITM attacks, Secure Simple Pairing offers two user-assisted numeric methods: numerical comparison
or passkey entry. If Secure Simple Pairing used 16-decimal-digit numbers, the usability would be the
same as using legacy pairing with a 16-decimal-digit PIN. The chance for a MITM to succeed in inserting its own link
keys in this case is 1 in 10^16 = 2^53 pairing instances, which is an unnecessarily low probability.
Secure Simple Pairing protects the user from MITM attacks with a goal of offering a 1 in 1,000,000 chance that a
MITM could mount a successful attack. The strength of the MITM protections was selected to minimize the user
impact by using a six-digit number for numerical comparison and passkey entry. This level of MITM protection was
selected since, in most cases, users can be alerted to the potential presence of a MITM attacker when the
connection process fails as a result of a failed MITM attack. While most users feel that, provided they have not
compromised their passkey, a 4-digit key is sufficient for authentication (i.e. bank card PIN codes), the use of six
digits allows Secure Simple Pairing to be FIPS compliant, and this was deemed to have little perceivable usability
impact.
3. If the Man-In-The-Middle protection feature is activated, the module may output the number for numeric comparison
with the indicator NC, or a passkey request with the indicator PK. For NC and PK, refer to sections
5.1.24 and 5.1.25.
4. If the Man-In-The-Middle protection feature is activated, the IO capability can only be configured to
“Display Yes/No” or “Keyboard Only”. For the IO capability, refer to section 5.1.7.
5. When connecting to some Android devices using the SPP profile, the Man-In-The-Middle protection must be
activated.
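The following host-side check is an added example, not code from this guide or from the module vendor. It builds the AT+MM command from the synopsis above and reviews a planned State together with the IO capability rule in note 4 before the setting is written, since the module keeps it across power cycles. It assumes State is sent as the two digits shown in the parameter table; the function names are hypothetical, and IO capabilities are passed by name because their codes are in section 5.1.7.

```python
from typing import List, Optional

CRLF = b"\r\n"

# State values from the parameter table in 5.1.6.3.
STATES = {
    0x00: "Deactivated",
    0x01: "Activated",
    0x02: "Activated and auto confirm the numeric comparison",
}

# IO capabilities allowed while MITM protection is activated (note 4).
MITM_IO_CAPS = {"Display Yes/No", "Keyboard Only"}


def build_mm_command(state: Optional[int] = None) -> bytes:
    """Return AT+MM<CR><LF> (query) or AT+MM=<State><CR><LF> (configure)."""
    if state is None:
        return b"AT+MM" + CRLF
    if state not in STATES:
        raise ValueError(f"State must be 00, 01 or 02, got {state!r}")
    # Assumption: State is written as two digits, as in the table.
    return (b"AT+MM=%02X" % state) + CRLF


def audit_mm_plan(state: int, io_capability: str) -> List[str]:
    """Return findings for a planned State / IO capability pair."""
    if state not in STATES:
        raise ValueError(f"State must be 00, 01 or 02, got {state!r}")
    findings = []
    if state == 0x00:
        findings.append("MITM protection is deactivated")
        return findings
    if io_capability not in MITM_IO_CAPS:
        findings.append(
            "IO capability %r is not allowed while MITM protection is "
            "activated" % io_capability
        )
    if state == 0x02:
        findings.append(
            "numeric comparison is confirmed by the module itself; "
            "no user compares the six-digit value"
        )
    return findings


if __name__ == "__main__":
    print(build_mm_command(0x01))
    for finding in audit_mm_plan(0x02, "Display Yes/No"):
        print("finding:", finding)
```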
5.1.6.4. Examples:
Ex. 5.11. To query current Man-In-The-Middle protection state of the Bluetooth module:
AT+MM<CR><LF>
query the current Man-In-The-Middle protection state.