Bluetooth pairing pin

Answered

Comments

34 comments

  • Official comment
    Sam R.

    I've passed this feedback forward to our BluOS Development team. 

    If you do plan to use Bluetooth regularly, I'd set Settings > Player > Customize Sources > Bluetooth > to Manual so that BT playback doesn't start on your Bluesound player unless you switch to the BT Source in the BluOS app - which requires access to your home network.

    Regards,
    Sam R.

  • Jason Manternach

    That suggestion works to keep neighbors from playing over my device automatically, but it also means I can't use my Bluetooth.  It appears my neighbors are connecting and staying connected, so then I can't connect.  It also means I have to allow unauthorized users the potential to connect to a device on my private network if I ever try to turn Bluetooth on for MY use.

    How hard can it possibly be to put a PIN in place to allow me to use the features on the $500 device I PURCHASED?  A $10 Bluetooth earpiece often uses a PIN.

    How can you be OK with your device opening a security hole in your customers' networks with no solution?

    I've had your product for several years and it's been great with a couple of glitches, but this is a shocking oversight.  I've essentially lost a feature I liked to use because I had the nerve to move into an apartment.  It appears from what I've seen on this forum it's been this way for years and the response has always been "We'll look into it".  It's taken 2 weeks of back and forth messages with support to find out that I basically have no options besides finding another device.  Well, that's great.  Thanks.

     

    3
  • Jeroen

    I have a NAD amplifier with Bluesound module installed. I am faced with exactly the same problem as Jason. Literally anyone near my house can connect to my amplifier via the Bluesound card and control my amp.

    @Support: can we have an update please? What did the development team say? Are they planning to add the functionality to require a pairing pin? If not I have wasted a considerable amount of money on a product that otherwise is really good.

    2
  • Andrew Thomas

    Please provide an update as to when a Bluetooth pairing PIN will be available. The lack of this feature is a huge drawback, and the fact you're unwilling to support your customer base by fulfilling such a reasonable request begs the question: is further investment in Bluesound equipment worth the risk?

    2
  • Stefan Mehre

    I have to agree, please add a one-time authentication for BT connections so not everybody can connect. It's really hard to tell interested customers to be aware when using BT because…

    So we got balance control after years of discussion, please let us get a one-time authentication for BT 😁

    2
  • R. Sterenborg

    Yes. This happened to me yesterday as well. And, in this day and age where security is more and more important, it is incomprehensible you cannot at least enable Bluetooth PIN. Like, if you really don't want the PIN, then you can disable it. Bluesound seems to want to focus solely on "user-friendliness", instead of also thinking about security.

    As mentioned before, much cheaper devices than what I bought, like e.g. ear buds, support Bluetooth PIN, even if the PIN is "0000" or "1234". (Please don't do this. But if you do, make it configurable using the Custom Integration API and web GUI). Certainly, this cannot be too difficult to implement.

    If it is deemed too difficult (or unnecessary?) by software engineers, then I suppose you should attract more qualified employees who have a clue.

    If it is management not accepting this request, which has been requested several times: please get a clue-bat. You know how to handle it and what to do with it, so use it well... ;-)

    0
  • Lewis

    The node remembers the last source used, so unless you have the external device paired permanently to the node, yes, no one else can connect to it. However, once switched off it's free for all and anyone can connect. Setting the BT to disabled is just a workaround and a hassle every time. This is really a security concern and flawed design.

    1
  • R. Sterenborg

    Yes, thanks Seppi, Lewis. However, I knew that already, and I ended up disabling Bluetooth. Although, reading Lewis' answer, I might set it to manual, pair, and see if someone else takes over. Excuse the wording, but it is a BS and not a real solution. It just lets Bluesound off the hook easy: not doing something they should have done in the first place.

    When I have Bluetooth enabled, it doesn't mean I want anyone to be able to pair with it (unless I let them). Think about your phone: do you want anyone to be able to just pair with it? No. Hence, the Bluetooth PIN exists. It also doesn't mean I have to set it to manual and to connect to it prior to anyone else. That's the world upside-down.

    I'm really interested in why Bluesound doesn't just implement the Bluetooth PIN. (And lets you choose if you want to use it, for people who don't want to.) Bluesound makes it feel like it's either hard to do, or that it would mean the end of the world if they did. I mean, you can find the feature in things as simple as ear buds, and for good reason. So why not in a system like BluOS?

    @bluesound: Can anyone comment on the actual reason why there is no Bluetooth PIN support?

    1
  • Tony W.
    Product Support Manager

    Can anyone comment on the actual reason why there is no Bluetooth PIN support?

    For the very simple reason of ease of use. As Seppi and Lewis both suggested if something is already paired, you cannot pair a second device. If you have no intent on using Bluetooth, disable it. In addition, many Bluetooth audio devices outside of smartphones have no ability to send or create a pairing PIN.

    -5
  • R. Sterenborg

    Yes, I certainly agree it's easy to use this way. However, perhaps too easy. Besides, maybe many devices don't have a pairing PIN, but also many do, so that is not a reason not to have it. Devices running BluOS are normally not that cheap, so for the price I think it's reasonable to expect this functionality to be available.

    However, it sounds like it's likely never going to happen, because of no other reason except for "ease of use" and "not all devices have it".
    When the Bluetooth PIN could be enabled/disabled and would be configurable, it would suit everyone: the people who are using Bluetooth as it is now (they don't have to use/configure it), and the people who want to enable the pairing PIN (they, well, can). Perhaps not all devices running BluOS have a display that can display the PIN, so to avoid defaulting to "0000" or "1234", it would be good to be able to configure it using the BluOS Controller or web GUI. For all I care, disable the pairing PIN by default, so as not to surprise or upset current Bluetooth users. To me, this functionality doesn't sound like the end of the world to implement, and it would actually be a good thing.

    I realize I must be annoying by insisting this much, so I'll stop now. Thanks for explaining your stance.

    1
  • Andrew Thomas

    @Bluesound support thanks for advising the feature is not available for "ease of use" and "not all devices have it".

    Let's unpack these reasons. 
    Firstly, ease of use. Is it really easier to have to enable and disable Bluetooth, or set it to manual mode and select Bluetooth as the source every time it is to be used? 

    Also, these solutions leave a lot of room for error, as you have to remember to reverse each setting when you disconnect or unwanted parties can connect again. 

    I know my wife or other trusted household members don't have the know-how to do this. Nor would I want them changing any of the configuration.

    However, she can pair her phone to a Bluetooth speaker with a pin. And when she manually disconnects Bluetooth or goes out of Bluetooth range for whatever reason, the system is automatically secured.

    How about a situation such as a party where you only want select people to be able to connect via Bluetooth. Setting and sharing a pin is an easy and effective way to do this.

    As for the reason "not all devices have it", you are correct. However, Bluesound markets itself as a premium brand with premium and well thought out products, and for the most part this is true. However, Bluetooth without the option of a pin is not a premium feature. Nor does it appear well thought out.

    Maybe, for whatever reason, it's been overlooked up until now. However it is now being actively requested with truly reasonable justification.

    Implementing a Bluetooth pin as an "opt-in" feature (disabled by default) via an update would enable those who want to use Bluetooth to connect to devices that do not support a pin to continue to do so, while enabling those who do want to secure access to also do so. That's a win-win, is it not?

    Given this is a feature request backed by strong justification and use cases, how does an opinion of "ease of use" negate the request?  It sounds like Bluesound is responding with "I understand you want this feature but really you don't. And even if we did, it would not be easy enough for you to use."

    Does the Bluesound team not have the technical know-how to implement a Bluetooth pin feature that is easy to configure and use? OR Does the Bluesound team just know better than their consumers what they want?

    3
  • Keralots

    I know that I'm reviving an "old" topic but I have just bought a Powernode EDGE. It is really hard to believe that anyone can connect via Bluetooth. Can't you just implement an optional feature to enable a PIN for more advanced users? We are in 2023 and security is really important these days. I cannot accept the fact that I should use "manual" mode or completely disable the Bluetooth feature, because a $699 product is not capable of having a $5 feature... Come on, dear Devs... I challenge you to do something in this case. 

    4
  • R. Sterenborg

    We are in 2023 and security is really important these days

    Well, security, even as basic as this would be, is, apparently, not really important for Bluesound; instead, "ease of use" trumps security. Once sold, you're hooked to the product anyway, so it's easier to just not care.

    And if Bluesound considers this stance too short-sighted, then please prove me wrong by explaining how you do care about security. (Or better yet, please, implement an optional, configurable Bluetooth PIN.)

    3
  • Oleksii

    One more vote for PIN or popup with approval.

    Or at least forbid pairing/connection in Manual mode if Bluetooth is not the current source!

    6
  • Oleksii

    Tony W.,

    The provided answer is not acceptable.

    There are multiple options besides a PIN to make Bluetooth more secure and more user-friendly; most of them have been mentioned here https://support1.bluesound.com/hc/en-us/community/posts/15170626446103-Make-Bluetooth-more-secure and ignored by Support.

    I mention them once again; please consider one of the following:

    - PIN (you don't like that, okay)

    - pairing confirmation in the app or by tapping any/specific button on the device

    - pairing is off by default; in order to pair a new device, the user could turn pairing on; pairing will be turned off once connected or after 1 min

    - at least add an ability to change the Bluetooth input configuration (off/last, for example, or off/specified) to the Presets; now it takes 10 taps to turn Bluetooth off or on

     

     

    5
  • Oleksii

    @support, any updates?

    1
  • Max Dekker

    Don't hold your breath!

    1
  • Oleksii

    @support, any updates?

    1
  • Oleksii

    @support, any updates?

    1
  • Santeri Sormunen

    @support, any updates? This would be a really good feature!!!

    1
  • Keralots

    Forget it. They simply do not care.
    Same as for adding YouTube Music platform.

    2
  • Eduardo P

    Bluesound is a lost company. This single security fix would bring users more value than the whole useless BluOS 4 for instance.

    3
  • Oleksii

    Actually, I bought Powernode Edge for the following reasons:

    - HDMI input with SEC

    - Spotify

    I did not find any alternative for the same price.

    But support and communication with customers are horrid.

    0
  • OCmylife

    And up! I also have a Powernode and disabled Bluetooth, 'cause my neighbors find it funny to disturb me with their music while I want to watch a TV show. I would like to buy a Bluetooth speaker now, but without a secure connection, this wouldn't be a Bluesound product.

    0
  • Tony W.
    Product Support Manager

    Hi OCmylife, see the Official Comment to set Bluetooth to Manual or Disabled.

    https://support1.bluesound.com/hc/en-us/community/posts/1500001220861/comments/1500001091562

    -2
  • Keralots

    This is not a solution to the problem.

    1
  • Santeri Sormunen

    This might be the worst customer support I have encountered!

    2
  • OCmylife

    I've learned my lesson and bought my bluetooth speaker from another company. :-)

     

    On this device you have to press a button for a few seconds to switch it into pairing mode, otherwise it wouldn't connect to new devices. It could be that easy!

    1
  • R. Sterenborg

    If I'd known beforehand that Bluesound was this incapable of understanding anything about basic security, I'd never have bought anything related to Bluesound. Even if I'd had to pay more to get it. But alas...

    It's unbelievable that for Bluesound, still in 2024, "ease of use" still trumps "security by design". I cannot imagine any sufficiently knowledgeable tech or dev standing for this, so I guess it must have been some stupid executive decision.

    @Bluesound: If you cannot handle a bluetooth PIN, then how are you going to handle anything regarding bluetooth on e.g. your phone? Virtually everything worth mentioning supports or even requires to enter a PIN. This may sound a bit harsh, but personally, I think that when you cannot handle a bluetooth PIN, you should be disallowed to use bluetooth. The longer you keep ignoring a little more, even if it were optional, selectable, bluetooth security, the longer this thread will become.

    It's too bad that this isn't as widely known as it needs to be. Perhaps a complete security audit against BluOS would be in order to open up some eyes. Oh well, it's more likely that Bluesound would ignore the outcome.

    4
  • woodie

    Couldn't agree more.

    0
