Threat vectors which could compromise near-owner state configuration

[bdetwiler]

From Eric Rescorla [ekr@rtfm.com](mailto:ekr@rtfm.com), Thu, 04 May 2023 00:05 UTC via unwanted-trackers-request@ietf.org

3.8

It is important to prevent unwanted tracking alerts from occurring when the owner of the accessory is in physical proximity of the accessory, i.e., it is in near-owner mode. In order to allow suppression of unwanted tracking alerts for an accessory advertising the location-enabled advertisement with the owner nearby, the accessory MUST set the near-owner bit to be 1 when the near-owner state is in near-owner mode, otherwise the bit is set to 0. Table 2 specifies the values of this bit.

“So here's another example of a potential attack. How hard is it to persuade a device it is in near-owner state?”

[bledvina]

The only way an accessory can be put into the near-owner state is by an owner device with valid BT encryption keys to allow for a connection to the accessory. There are ways this could be thwarted (e.g., jailbroken device), of course.