Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit eb5e3697 authored by Brian Delwiche's avatar Brian Delwiche
Browse files

Fix authentication bypass bug in SMP 

It is possible for a malicious peer to bypass SMP authentication by
claiming to have OOB data and proceeding with pairing, exploiting the
fact that the Android stack sets the OOB randomizer to zero if no local
OOB data is available.

Drop the connection if a peer claims it has OOB data but no local OOB
data has been stored.

Bug: 251514171
Test: m com.android.btservices
Ignore-AOSP-First: security
Tag: #security
Merged-In: I284b9581648b1f6e15eee371a39517c634d289fd
Merged-In: I85a121aea7b37318f8cfbcdb8075ece67806957e
Change-Id: Ib87574bd455bcc673a7e58283fd22342cf924cfd
parent 2fc3087b
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment