
Domenic_S | 1 year ago

> they are just using a "normal" BLE address and then reverse-engineering a key from that.

It's really clever - the BLE spec limits message size, so Apple uses the BLE address as part of the message (the first part of the public key).

But since the public address of a BLE chip has 24 bits of "Company ID" (similar to MAC addresses I guess?), and the registry records are public, they were able to precompute a bunch of public/private keypairs.
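To make the packing concrete, here is an added example (not code from the post or from the paper under discussion) that splits a 28-byte P-224 public key across the BLE address and the advertising payload the way the OpenHaystack reverse engineering describes the Find My advertisement; treat that byte layout as an assumption rather than Apple's specification. The search function is a toy: it derives candidate keys from a counter with SHA-256 as a constructed stand-in for real P-224 key generation, and only matches a short prefix so it finishes in seconds, while the full attack must match the whole address.

```python
import hashlib

KEY_LEN = 28  # P-224 public key x-coordinate, in bytes


def encode_advertisement(pubkey: bytes, status: int = 0x00) -> tuple[bytes, bytes]:
    """Split a 28-byte public key into (ble_address, apple_manufacturer_payload).

    Layout follows the OpenHaystack description (assumed, not Apple's spec):
    bytes 0..5 of the key become the BLE address, with the top two bits of the
    first byte forced to 0b11 so it is a valid random static address; the
    remaining 22 bytes, plus the two key bits that the address type overwrote,
    ride in the manufacturer-specific data after Apple's company identifier.
    """
    assert len(pubkey) == KEY_LEN
    addr = bytearray(pubkey[:6])
    addr[0] |= 0b11000000
    payload = (
        bytes([0x12, 0x19, status])        # type 0x12 (Find My), length 25, status
        + pubkey[6:]                       # key bytes 6..27
        + bytes([pubkey[0] >> 6, 0x00])    # displaced top bits of byte 0, hint byte
    )
    return bytes(addr), payload


def decode_advertisement(addr: bytes, payload: bytes) -> bytes:
    """Reassemble the full public key from the address and the payload."""
    first = (addr[0] & 0b00111111) | ((payload[25] & 0b11) << 6)
    return bytes([first]) + addr[1:6] + payload[3:25]


def key_matches_address(pubkey: bytes, addr: bytes) -> bool:
    """True if a tag holding this key would advertise from exactly this address."""
    return encode_advertisement(pubkey)[0] == addr


def search_key_for_address(addr: bytes, match_bytes: int, max_trials: int = 1 << 20):
    """Toy version of the precomputation: find a key whose address prefix matches.

    Candidates come from SHA-256 over a counter (constructed stand-in; the real
    attack generates a P-224 key pair per trial). Only `match_bytes` leading
    bytes are compared so the demo is fast. Matching all 6 bytes means matching
    46 key bits (48 minus the two address-type bits), about 2**46 trials, which
    is why the attack relies on bulk precomputation rather than a per-target loop.
    """
    target = addr[:match_bytes]
    for i in range(max_trials):
        candidate = hashlib.sha256(i.to_bytes(8, "big")).digest()[:KEY_LEN]
        if encode_advertisement(candidate)[0][:match_bytes] == target:
            return i, candidate
    return None


if __name__ == "__main__":
    # Constructed sample key, not a real Find My key.
    key = bytes([0xA5]) + bytes(range(27))
    addr, payload = encode_advertisement(key)
    print("BLE address:", addr.hex(), "payload:", payload.hex())
    assert decode_advertisement(addr, payload) == key
    # Constructed target address with the random-static bits (0b11) set.
    hit = search_key_for_address(bytes.fromhex("c0ffee112233"), match_bytes=2)
    print("trials, candidate:", hit[0], hit[1].hex())
```

Note that `key_matches_address` compares against the address as a Find My device would emit it, i.e. with the two high bits set; the expected cost of `search_key_for_address` roughly quadruples with each additional byte matched, and the last byte matched costs only 64x because those two bits are free.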


krupan | 1 year ago

Apple used the company ID as part of the key material??

gruez | 1 year ago

No. Read the paper again, specifically figure 3.