Samsung Galaxy S8 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability
Published on June 29th, 2020
Summary
Samsung Galaxy S8 suffers from use of cryptographically weak pseudo-random number generator (PRNG) vulnerability
Credit:
The information has been provided by Maxime Peterlin
The original article can be found at:https://security.samsungmobile.com/securityUpdate.smsb
Details
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset.
Vulnerable Systems:
Samsung Galaxy S8
Samsung Galaxy S8+
Samsung Galaxy Note8
CVE Information:
Disclosure Timeline:
Published Date:5/8/2020