Stability of distance estimation in case of using a bluetooth Extender

[christiano-git]

I thought about if some one tries to generate large amounts of exposers by using a kind of Bluetooth range extender. Like a flooding attack is this possible ?

[nitram9]

From what I have read, it seems this could be a problem as the signal would still be strong despite being further away from the emitter. However, the weakness is that one is only spamming outwards and the other phones listen for IDs only every 5 minutes. So even if one is sending the signal and it is noticed by many, it only adds data to the list of reports. Theoretically one could also perform a DDOS attack by setting up multiple emitters until the a) frequency is too noisy and/or b) the data shared with the backend becomes too heavy.

b) shouldn't be a problem due to the small data packets
a) I don't know how this could be reasonably prevented but once an area is suspected of being 'jammed', I would assume that national authorities would quickly locate and find the infringing emitter. You can be sure that the penalties would be very severe for operating above the certified power limits...

[christiano-git]

Thanks for the feedback.
Sounds to me as possible. Personally I think it is not a high risk as only unnecessary notifications may occurred.
However the trust to the app would get very low as it is observed anyhow as a critical app.

What I expected is that BL low power profile is in a way secure in relation with booster or extender.
Could this be the case ?