Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit d9de53d4 authored by Brian Delwiche's avatar Brian Delwiche
Browse files

Fix authentication bypass bug in SMP 

It is possible for a malicious peer to bypass SMP authentication by
claiming to have OOB data and proceeding with pairing, exploiting the
fact that the Android stack sets the OOB randomizer to zero if no local
OOB data is available.

Drop the connection if a peer claims it has OOB data but no local OOB
data has been stored.

Bug: 251514171
Bug: 374376990
Test: m com.android.btservices
Flag: com.android.bluetooth.flags.btsec_le_oob_pairing
Ignore-AOSP-First: security
Tag: #security
Change-Id: I284b9581648b1f6e15eee371a39517c634d289fd
parent 896ed95f
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment