I know that a "secure SDK" is in the works, although I'd like to know if it'll be possible to lock-down one's beacon and protect it from malicious firmware updates and setting changes.
Given that beacons are used in a business environment, I'd like to protect them from attacks and/or potential bricking by a 3rd party.
We are fully aware of the security potential threats and we still working on a new update that will include authentication so that will protect it from hijacking. Additional security layers will be developed over the course of the next few weeks.
The first version of security layer will be roll out within 2 weeks. If you are interested in testing it please drop me a line aga@estimote.com
Hi Agnes, I understand that you have a security layer in place already. However, we are creating our own apps to change our beacons in a Bulk Manner. For instance, we would like a specific UUID for all of them. We found out that in Android (at least) "anyone" could sniff beacons around and change the minor and major values without any authentication or without knowing the specific UUID. Is that been sorted out already?
Next to the first layer of security, which is authentication process mentioned above, we recently implemented new feature called 'Secure UUID' mechanism for rotating beacon ID at a fixed interval to block piggybacking on someone’s beacon network. You can find more details about it on our blog: http://blog.estimote.com/post/103051450215/delivering-on-the-promise-of-beacons-a-modular. Both features are integrated with Estimote Cloud.
Android SDK and app are a bit behind the iOS counterpart and we are working to address that and include support for Estimote Cloud and authentication mechanism. I’m afraid we’re unable to provide an ETA at this time, but rest assured this is definitely on our roadmap - please stay tuned!