Grove BLE (dual) insecure?

Hello everyone,

I have set up my module according to as follows:

  • BLE peripheral mode (AT+ROLB0)
  • BLE PIN: 123789 (AT+PINB123789)
  • Restart (AT+RESET)

Then I used the app LightBlue on my iPhone to connect to the module, but it connected right away and didn’t ask for any PIN, I could also send AT commands via LightBlue such as AT+PINE or AT+SCAN or AT+BAUD.

I am using the module to control my fan via AT+PIO but it is totally insecure if someone can also use LightBlue to connect and send AT+PIO to the module and mess it up.

How do we tackle this problem? Thank you very much in advance.
Hieu Nguyen.