[blumomo]

In a previous company we built a Bluetooth Low Energy server app into the embedded Raspberry Pi-like system.

Long story short:

1. RPi broadcasts via BLE the wifi networks it can see

2. A ReactNative App lets the user choose the wifi network to connect to, pre-selected is the wifi network which the mobile is connected to

3. User enters wifi password

4. App sends it to RPI, still via BLE

5. RPi responds with IP address when successfully connected or with an error, all via BLE.

6. App can now talk to Pi via IP

7. BLE server on Pi shuts down. Done.

Advantage: user never needs to mess with changing to any ad-hoc wifi. Awesome UX.

[Fnoord]

Hmm, using BLE to send your WPA2-PSK password? Isn't that insecure?

[ploxiln]

You probably want to encrypt it with a public key for which the raspi has the private key. You could validate the public key with a qr-code on the raspi, or some other pre-arranged scheme.

This is a very similar situation to being able to access the device on the LAN over tcp/ip and needing to pass it a secret.

[sdenton4]

(Or just use diffie hellman to generate a symmetric key pair for communicating for the length of the session... you'd still want something to prevent MITM, but if you're not concerned about MITM attacks at session creation time, DH gets user effort down to about zero.)

[anon4242]

BLE has support for encrypted communication so should be ok, at least in theory.

[aceperry]

The older BLE 4.x versions had lots of security exploits. I'm not sure about the latest 5.x versions though.