iBeacons constantly advertise their signature, which is mainly composed of the UUID, MAC address, Minor and Major values. If the app you design depends only on these parameters, the iBeacon security implementation is very weak and vulnerable to all sorts of hacking methods, so an additional security layer is needed. There are a number of ways to do this. The following are my ideas for securing an iBeacon implementation:
- Most iBeacons can be configured over the air (OTA), so it is wise to always enable the iBeacon's password protection features so that it can only be accessed by qualified and authorised administrators.
- Because iBeacon signatures are publicly advertised, without an additional security layer hackers and competitors can easily devise new ways to clone the iBeacon's signature and create push messages that show their own advertisements. To prevent this from happening, a security layer must be implemented. A good example is requiring your customers to register before they can use the mobile app. Another good example is adding validations such as how your client came into your store: there must be a pattern. They could have passed McDonald's before they came in, and it just so happens that McDonald's has implemented iBeacons, which were detected by your customer's smartphone and logged by your mobile app. The additional security layer you create depends on your creativity.
- The APK must also be secured to prevent hackers from reverse engineering the app. If hackers have access to the source code of your app, the security layer implemented will be exposed.
Always remember that as the technology becomes more sophisticated, hackers can be one step ahead, but you still can beat them if you know how to stop them.
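The registration and "how did the client come in" checks from the list above can be sketched as follows. This is an added example, not code from the original post; the UUIDs, user names, time window and function names are all constructed assumptions.

```python
from dataclasses import dataclass

# Every identifier and value in this block is constructed for illustration.
@dataclass(frozen=True)
class Sighting:
    uuid: str
    major: int
    minor: int
    seen_at: float  # Unix seconds, as logged by the mobile app

    @property
    def beacon_id(self):
        # UUIDs are compared case-insensitively.
        return (self.uuid.lower(), self.major, self.minor)

STORE_UUID = "11111111-2222-3333-4444-555555555555"      # constructed
NEIGHBOUR_UUID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # constructed

REGISTERED_USERS = {"alice"}
# Beacons a customer normally passes shortly before reaching each store beacon.
EXPECTED_PREDECESSORS = {
    (STORE_UUID, 1, 7): {(NEIGHBOUR_UUID, 3, 1)},
}
MAX_GAP_SECONDS = 15 * 60  # assumed walking time between the two beacons

def validate_sighting(user, sighting, history):
    """Return (accepted, reason) for one reported beacon sighting."""
    if user not in REGISTERED_USERS:
        return False, "unregistered user"
    predecessors = EXPECTED_PREDECESSORS.get(sighting.beacon_id)
    if predecessors is None:
        return False, "unknown beacon"
    # Accept only if an expected neighbouring beacon was logged shortly before.
    for earlier in history:
        gap = sighting.seen_at - earlier.seen_at
        if earlier.beacon_id in predecessors and 0 <= gap <= MAX_GAP_SECONDS:
            return True, "ok"
    return False, "no plausible path"

if __name__ == "__main__":
    store = Sighting(STORE_UUID, 1, 7, seen_at=1_000_600.0)
    walked_in = [Sighting(NEIGHBOUR_UUID, 3, 1, seen_at=1_000_000.0)]
    print(validate_sighting("alice", store, walked_in))
    print(validate_sighting("alice", store, []))
    print(validate_sighting("mallory", store, walked_in))
```

Running this check on a server rather than inside the app keeps the rule out of the APK, so the UUID, Major and Minor values alone are not enough to trigger a push message.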