Security Advisory - Bluetooth Unlock Bypassing Vulnerability in Some Huawei Mobile Phones
- SA No:huawei-sa-20170323-01-smartphone
- Initial Release Date: 2017.03.23
- Last Release Date: 2018.06.21
This vulnerability has been assigned a CVE ID: CVE-2017-2728.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170323-01-smartphone-en
|
Product Name |
Affected Version |
Resolved Product and Version |
|
GT3 |
The versions before NMO-L23C605B350 |
NMO-L23C605B350 |
|
The versions before NMO-L31C10B351 |
NMO-L31C10B351 |
|
|
The versions before NMO-L31C185B352 |
NMO-L31C185B352 |
|
|
The versions before NMO-L31C432B350 |
NMO-L31C432B350 |
|
|
The versions before NMO-L31C464B350 |
NMO-L31C464B350 |
|
|
The versions before NMO-L31C636B351 |
NMO-L31C636B351 |
|
|
Honor 5A |
The versions before CAM-L03C110B150 |
CAM-L03C110B150 |
|
The versions before CAM-L03C178B152 |
CAM-L03C178B152 |
|
|
The versions before CAM-L03C688B151 |
CAM-L03C688B151 |
|
|
The versions before CAM-L03DOMC109B125 |
CAM-L03DOMC109B125 |
|
|
The versions before CAM-L21C09B163 |
CAM-L21C09B163 |
|
|
The versions before CAM-L21C432B179 |
CAM-L21C432B179 |
|
|
The versions before CAM-L21C569B151 |
CAM-L21C569B151 |
|
|
The versions before CAM-L21C636B180 |
CAM-L21C636B180 |
|
|
The versions before CAM-L21ROUC150B131 |
CAM-L21ROUC150B131 |
|
|
Honor 5C |
The versions before NEM-L21C432B351 |
NEM-L21C432B351 |
|
The versions before NEM-L22C636B351 |
NEM-L22C636B351 |
|
|
The versions before NEM-L51C10B351 |
NEM-L51C10B351 |
|
|
The versions before NEM-L51C432B350 |
NEM-L51C432B350 |
|
|
Honor 6X |
The versions before BLL-L21C464B130 |
BLL-L21C464B130 |
|
The versions before Berlin-L21C10B360 |
Berlin-L21C10B360 |
|
|
The versions before Berlin-L21C185B360 |
Berlin-L21C185B360 |
|
|
The versions before Berlin-L21HNC10B360 |
Berlin-L21HNC10B360 |
|
|
The versions before Berlin-L21HNC185B360 |
Berlin-L21HNC185B360 |
|
|
The versions before Berlin-L21HNC432B360 |
Berlin-L21HNC432B360 |
|
|
The versions before Berlin-L22C636B150 |
Berlin-L22C636B160 |
|
|
The versions before Berlin-L22HNC636B360 |
Berlin-L22HNC636B360 |
|
|
The versions before Berlin-L23C605B141 |
Berlin-L23C605B141 |
|
|
Honor 7 |
The versions before PLK-AL10C00B388 |
PLK-AL10C00B388 |
|
The versions before PLK-L01C10B350 |
PLK-L01C10B350 |
|
|
The versions before PLK-L01C432B390 |
PLK-L01C432B390 |
|
|
The versions before PLK-L01C636B371 |
PLK-L01C636B371 |
|
|
Honor 8 |
The versions before FRD-L02C432B380 |
FRD-L02C432B380 |
|
The versions before FRD-L02C635B382 |
FRD-L02C635B382 |
|
|
The versions before FRD-L09C10B380 |
FRD-L09C10B380 |
|
|
The versions before FRD-L09C185B380 |
FRD-L09C185B380 |
|
|
The versions before FRD-L09C432B381 |
FRD-L09C432B381 |
|
|
The versions before FRD-L09C636B380 |
FRD-L09C636B380 |
|
|
The versions before FRD-L19C10B380 |
FRD-L19C10B380 |
|
|
The versions before FRD-L19C432B381 |
FRD-L19C432B381 |
|
|
The versions before FRD-L19C636B380 |
FRD-L19C636B380 |
|
|
MAIMANG 5 |
The versions before MLA-AL00C00B352 |
MLA-AL00C00B352 |
|
Mate 7 |
The versions before MT7-J1C635B593 |
MT7-J1C635B593 |
|
Mate 8 |
The versions before NXT-L09C185B580 |
NXT-L09C185B580 |
|
The versions before NXT-L09C432B570 |
NXT-L09C432B570 |
|
|
The versions before NXT-L09C605B585 |
NXT-L09C605B585 |
|
|
The versions before NXT-L09C636B580 |
NXT-L09C636B580 |
|
|
The versions before NXT-L29C10B580 |
NXT-L29C10B580 |
|
|
The versions before NXT-L29C185B580 |
NXT-L29C185B580 |
|
|
The versions before NXT-L29C432B581 |
NXT-L29C432B581 |
|
|
The versions before NXT-L29C605B585 |
NXT-L29C605B585 |
|
|
The versions before NXT-L29C636B580 |
NXT-L29C636B580 |
|
|
Mate S |
The versions before CRR-L09C432B390 |
CRR-L09C432B390 |
|
The versions before CRR-UL00C636B361 |
CRR-UL00C636B361 |
|
|
The versions before CRR-UL20C432B390 |
CRR-UL20C432B390 |
|
|
Nova |
The versions before Cannes-AL10C00B372 |
Cannes-AL10C00B372 |
|
P8 |
The versions before GRA-L09C432B394 |
GRA-L09C432B394 |
|
The versions before GRA-L09C605B365 |
GRA-L09C605B365 |
|
|
The versions before GRA-UL00C605B365 |
GRA-UL00C605B365 |
|
|
The versions before GRA-UL10C185B387 |
GRA-UL10C185B387 |
|
|
The versions before GRA-UL10C432B394 |
GRA-UL10C432B394 |
|
|
The versions before GRA-UL10C636B369 |
GRA-UL10C636B369 |
|
|
P8 Lite |
The versions before ALE-L02C635B568 |
ALE-L02C635B568 |
|
The versions before ALE-L21C10B541 |
ALE-L21C10B541 |
|
|
The versions before ALE-L21C185B568 |
ALE-L21C185B568 |
|
|
The versions before ALE-L21C432B597 |
ALE-L21C432B597 |
|
|
The versions before ALE-L23C605B535 |
ALE-L23C605B535 |
|
|
P9 |
The versions before EVA-L09C185B385 |
EVA-L09C185B385 |
|
The versions before EVA-L09C432B383 |
EVA-L09C432B383 |
|
|
The versions before EVA-L09C605B385 |
EVA-L09C605B385 |
|
|
The versions before EVA-L09C635B380 |
EVA-L09C635B380 |
|
|
The versions before EVA-L09C636B380 |
EVA-L09C636B380 |
|
|
The versions before EVA-L19C10B380 |
EVA-L19C10B380 |
|
|
The versions before EVA-L19C185B385 |
EVA-L19C185B385 |
|
|
The versions before EVA-L19C432B383 |
EVA-L19C432B383 |
|
|
The versions before EVA-L19C605B385 |
EVA-L19C605B385 |
|
|
The versions before EVA-L19C636B381 |
EVA-L19C636B381 |
|
|
The versions before EVA-L29C20B386 |
EVA-L29C20B386 |
|
|
The versions before EVA-L29C636B380 |
EVA-L29C636B380 |
|
|
P9 Lite |
The versions before VNS-L21C10B380 |
VNS-L21C10B380 |
|
The versions before VNS-L21C185B380 |
VNS-L21C185B380 |
|
|
The versions before VNS-L21C432B371 |
VNS-L21C432B371 |
|
|
The versions before VNS-L22C635B181 |
VNS-L22C635B181 |
|
|
The versions before VNS-L22C635B380 |
VNS-L22C635B380 |
|
|
The versions before VNS-L22C636B380 |
VNS-L22C636B380 |
|
|
The versions before VNS-L31C109B350 |
VNS-L31C109B350 |
|
|
The versions before VNS-L31C185B380 |
VNS-L31C185B380 |
|
|
The versions before VNS-L31C432B371 |
VNS-L31C432B371 |
|
|
The versions before VNS-L31C464B382 |
VNS-L31C464B382 |
|
|
The versions before VNS-L31C636B385 |
VNS-L31C636B385 |
|
|
P9 Plus |
The versions before VIE-L09C318B182 |
VIE-L09C318B182 |
|
The versions before VIE-L09C432B370 |
VIE-L09C432B370 |
|
|
The versions before VIE-L09C605B361 |
VIE-L09C605B361 |
|
|
The versions before VIE-L29C10B381 |
VIE-L29C10B381 |
|
|
The versions before VIE-L29C185B380 |
VIE-L29C185B380 |
|
|
The versions before VIE-L29C605B361 |
VIE-L29C605B361 |
|
|
The versions before VIE-L29C636B370 |
VIE-L29C636B370 |
Successful exploit could allow an attacker to impersonate a user's Bluetooth device to unlock the user's mobile phone screen.
Base Score: 6.4 (AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 5.9 (E:F/RL:O/RC:C)
1. The attacker has obtained the user's mobile phone.
2. The attacker has obtained information about the user's Bluetooth device which has been paired to the user's mobile phone.
Vulnerability details:
If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.
The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.
This vulnerability was reported to Huawei PSIRT by Nicky of Tencent Security Platform Department. Huawei would like to thank Nicky of Tencent Security Platform Department for working with us and coordinated vulnerability disclosure to protect our customers.
2018-06-21 V1.1 UPDATED Assigned a CVE ID(CVE-2017-2728) to the vulnerability; Updated the "Software Versions and Fixes" section;
2017-03-23 V1.0 INITIAL
None
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.