Bluetooth/BLE car key (security)

I’m quite new to the Blynk world but the possibilities have already caused my simple RGB control project to escalate a bit… :sweat_smile:

I would like to build a smartphone car key using Blynk and Bluetooth. The idea is to have an ESP32 installed in the car that can control windows, locks, etc.

I understand that no protocol is 100% secure, which is why I’ll keep the stock key (with immobilizer) as a fail-safe. But at least I want to make sure I make it as secure as possible.

To me there are three main points of concern:

  1. App
  2. Communication protocol
  3. Blynk server

App: The auth token is great but it’s obviously not as secure as a password. Is there another way of only allowing commands from a certain device? I’m thinking maybe via MAC address validation? (A passphrase via terminal widget could be one solution, not very practical though.) Any other ideas?

Communication protocol: I have not found any documentation on Bluetooth security and encryption. Which protocol is more secure using Blynk, Bluetooth or BLE? Does Blynk use BLE 4.2?

Blynk server: What’s the role of Blynk server in Bluetooth applications? Is that a vulnerability?

Anything else that I’m missing?

  • ESP32 and Bluetooth or BLE
  • Android 10
  • Blynk server (?)

No input at all?

Anyone with experience using Espressif GATT security with Blynk?