To prevent spoofing or cloning Kontakt.io IoT devices with Bluetooth Low Energy (BLE) technology can rotate (shuffle) their iBeacon and Eddystone identifiers. Rotations take place in a constant time interval set to 24 hours of device operation.
This mechanism is based on the fact that both Kontakt.io Kio Cloud and BLE devices share the same algorithm that, when provided with the same configuration keys (unique for each BLE device) will generate the same values. Once a beacon is configured as shuffled it broadcasts iBeacon an/or Eddystone identifiers generated by this particular algorithm, changing the values every shuffling interval.
To enable Secure Shuffling, a config with the shuffled
parameter set to true
must be created and applied to a device. Similarly, turning it off requires the shuffled
parameter set to false
. Learn more about device configuration from the Device Management API documentation.
Warning
Highly recommended to configure devices before shuffling them.
When using a Kontakt.io SDK for iOS or Android resolving happens mostly automatically. The information below will help to understand what happens under the hood.
Resolving a device identifier is done by simply requesting a device by either Proximity UUID, Major & Minor (bid
parameter) or by Namespace & Instance ID (euid
parameter), depending on whether the device is advertising in iBeacon or Eddystone mode. The response will contain the deshuffled device information.
Additionally, the next 7 shuffled values (for both iBeacon and Eddystone) for the requested devices are included in the response, specifically in the futureId
attribute. However, please keep in mind that our backend assumes constant, uninterrupted operation of a shuffled device and it has no way to know when a device had its battery removed. In a situation like this or when the device battery dies and is replaced after some time, shuffling will be resumed with last advertised identifier. Kio Cloud will still keep track of that device, since resolving is algorithm-based and not time-based. Nevertheless, the futureId
array may return incorrect values until fixed. To do that, shuffling must be turned off and then on again.