Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
62 lines (48 sloc) 2.5 KB
# This file holds a list of GATT UUIDs that websites using the Web
# Bluetooth API are forbidden from accessing.
## Services
# org.bluetooth.service.human_interface_device
# Direct access to HID devices like keyboards would let web pages
# become keyloggers.
00001812-0000-1000-8000-00805f9b34fb
# Firmware update services that don't check the update's signature
# present a risk of devices' software being modified by malicious web
# pages. Users may connect to a device believing they are enabling
# only simple interaction or that they're interacting with the
# device's manufacturer, but the site might instead persistently
# compromise the device.
#
# Nordic's Legacy Device Firmware Update service, http://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v11.0.0/examples_ble_dfu.html:
00001530-1212-efde-1523-785feabcd123
# TI's Over-the-Air Download service, http://www.ti.com/lit/ug/swru271g/swru271g.pdf:
f000ffc0-0451-4000-b000-000000000000
# Cypress's Bootloader service. Documentation at
# http://www.cypress.com/file/175561/download requires an account.
# Linked as CYPRESS BOOTLOADER SERVICE_001-97547.pdf from
# http://www.cypress.com/documentation/software-and-drivers/cypresss-custom-ble-profiles-and-services:
00060000-0000-1000-8000-00805f9b34fb
# The FIDO Bluetooth Specification at
# https://fidoalliance.org/specs/fido-u2f-bt-protocol-id-20150514.pdf
# section 6.7.1 "Bluetooth pairing: Client considerations" warns that
# system-wide pairing poses security risks. Specifically, a website
# could use raw GATT commands to impersonate another website to the
# FIDO device.
0000fffd-0000-1000-8000-00805f9b34fb
## Characteristics
# org.bluetooth.characteristic.gap.peripheral_privacy_flag
# Don't let web pages turn off privacy mode.
00002a02-0000-1000-8000-00805f9b34fb exclude-writes
# org.bluetooth.characteristic.gap.reconnection_address
# Disallow messing with connection parameters
00002a03-0000-1000-8000-00805f9b34fb
# org.bluetooth.characteristic.serial_number_string
# Block access to standardized unique identifiers, for privacy reasons.
00002a25-0000-1000-8000-00805f9b34fb
## Descriptors
# org.bluetooth.descriptor.gatt.client_characteristic_configuration
# Writing to this would let a web page interfere with other pages'
# notifications and indications.
00002902-0000-1000-8000-00805f9b34fb exclude-writes
# org.bluetooth.descriptor.gatt.server_characteristic_configuration
# Writing to this would let a web page interfere with the broadcasted services.
00002903-0000-1000-8000-00805f9b34fb exclude-writes