Bluetooth Unlock Bypassing Vulnerability in Some Huawei Mobile Phones

Some Huawei smart phones have Smart lock ability that lets you set things up so that your phone unlocks its screen when certain conditions are met without entering your password or PIN or fingerprint. For example Smart lock ability is set up with trusted devices like smart watches or detecting trusted faces and etc.
Some Huawei mobile phones including P9، P9 Lite، P9 Plus have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device (in Bluetooth coverage scope) to unlock the user's mobile phone screen.
The characteristics of this vulnerability include:


SA No:huawei-sa-20170323-01-smartphone
Last Release Date For P9, P9 Lite, P9 Plus: Jun 21, 2018
Vulnerability ID: HWPSIRT-2017-01088
CVE ID: CVE-2017-2728
Base Score: 6.4 (AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 5.9 (E:F/RL:O/RC:C)
Credit: Nicky of Tencent Security Platform Department.