Bluetooth Unlock Bypassing Vulnerability in Some Huawei Mobile Phones

Bluetooth Unlock Bypassing Vulnerability in Some Huawei Mobile Phones

mci-pages-sharing
inner-content-image - Bluetooth Unlock Bypassing Vulnerability in Some Huawei Mobile Phones

Some Huawei smart phones have Smart lock ability that lets you set things up so that your phone unlocks its screen when certain conditions are met without entering your password or PIN or fingerprint. For example Smart lock ability is set up with trusted devices like smart watches or detecting trusted faces and etc.

Some Huawei mobile phones including P9، P9 Lite، P9 Plus have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device (in Bluetooth coverage scope) to unlock the user's mobile phone screen.

The characteristics of this vulnerability include:

  • SA No:huawei-sa-20170323-01-smartphone
  • Last Release Date For P9, P9 Lite, P9 Plus: Jun 21, 2018
  • Vulnerability ID: HWPSIRT-2017-01088
  • CVE ID: CVE-2017-2728
  • Base Score: 6.4 (AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • Temporal Score: 5.9 (E:F/RL:O/RC:C)
  • Credit: Nicky of Tencent Security Platform Department.