Fix authentication bypass bug in SMP
It is possible for a malicious peer to bypass SMP authentication by claiming to have OOB data and proceeding with pairing, exploiting the fact that the Android stack sets the OOB randomizer to zero if no local OOB data is available. Drop the connection if a peer claims it has OOB data but no local OOB data has been stored. Bug: 251514171 Test: m com.android.btservices Ignore-AOSP-First: security Tag: #security (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:da41782664219a70b8a01c4121a38400ea514765) Merged-In: Ib87574bd455bcc673a7e58283fd22342cf924cfd Change-Id: Ib87574bd455bcc673a7e58283fd22342cf924cfd
Loading
Please register or sign in to comment