Samsung Galaxy S8 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability

Summary

Samsung Galaxy S8 suffers from use of cryptographically weak pseudo-random number generator (PRNG) vulnerability

Credit:

The information has been provided by Maxime Peterlin

The original article can be found at:https://security.samsungmobile.com/securityUpdate.smsb


Details

Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset.

 

Vulnerable Systems:

Samsung Galaxy S8

Samsung Galaxy S8+

Samsung Galaxy Note8 

 

CVE Information:

CVE-2020-6616

 

Disclosure Timeline:
Published Date:5/8/2020

Categories: FeaturedNews