Vulnerability: CVE-2020-6616

Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).


https://security.samsungmobile.com/securityUpdate.smsb
https://support.apple.com/HT211168
https://support.apple.com/kb/HT211100
https://support.apple.com/kb/HT211168
http://seclists.org/fulldisclosure/2020/May/49
http://bluetooth.lol
https://github.com/seemoo-lab/internalblue/blob/master/doc/rng.md
https://media.ccc.de/v/DiVOC-6-finding_eastereggs_in_broadcom_s_bluetooth_random_number_generator
https://twitter.com/naehrdine/status/1255980443368919045
https://twitter.com/naehrdine/status/1255981245147877377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6616


It's possible to leave a comment as registered users to the site, accessing through social, wordpress account or as anonymous users. If you want to leave a comment as an anonymous user you will be notified by email of a possible response only if you enter the email address (optional). The insertion of any data in the comment fields is totally optional. Whoever decides to insert any data accepts the treatment of these last ones for the inherent purposes of the service that is the answer to the comment and the strictly necessary communications.


Leave a Reply