Samsung Galaxy S8 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability

Published on June 29th, 2020
Summary

Samsung Galaxy S8 suffers from use of cryptographically weak pseudo-random number generator (PRNG) vulnerability

Credit:

The information has been provided by Maxime Peterlin

The original article can be found at:https://security.samsungmobile.com/securityUpdate.smsb


Details

Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset.

 

Vulnerable Systems:

Samsung Galaxy S8

Samsung Galaxy S8+

Samsung Galaxy Note8 

 

CVE Information:

CVE-2020-6616

 

Disclosure Timeline:
Published Date:5/8/2020

Categories: FeaturedNews

Related Posts

News

Zulip Desktop before 5.2.0 Improper Certificate Validation Vulnerability

News

Zoneplayer 2.0.1.3 Insufficient Information Vulnerability

News

WSO2 API Manager 3.0.0 and earlier Improper Restriction of XML External Entity Reference Vulnerability