-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security and Privacy #9
Comments
Hi, This implementation of Nearby Share does not support being run over Bluetooth, and the service is only running and exposed when the user has elected to receive a file. Having said that, it's important to check the PIN that is shown before a transfer is started matches on both devices to avoid a MITM attack. If you do find a specific, reproducible security issue please open a ticket :) |
Maybe it is worth standardizing the protocol? For example through an IETF RFC? There is an upcoming meeting relatively close to you https://www.ietf.org/how/meetings/119/ |
Hey, the goal of this project is compatibility with Google's protocol. It would be great if it was a standardised protocol but that's for Google to decide and act on, not me. If Google changes the protocol I'll endeavour to update the project to maintain compatibility. Most of the reverse engineering work comes from https://github.com/grishka/NearDrop if you're interested in protocol documentation. |
Ok commented on google/nearby#2198 |
There are security and privacy concerns with the nearbyshare and related protocols:
Does this implementation do anything different? Should there be an advice to users?
The text was updated successfully, but these errors were encountered: