Hi, about the two methods being mutually exclusive, how to resolve it? Can you provide more detailed information? Thanks! #1

Open
cen123456 opened this issue Aug 19, 2020 · 3 comments

Comments

@cen123456

No description provided.

@fO-000

fO-000 commented Aug 19, 2020

I see...

For AOSP the two bypass methods are mutually exclusive, so there is only a deception-based attack.

But for one (or more) well-known manufacturer, there is a vulnerability-based attack:

  1. The attacker first obtains two Bluetooth device addresses by scanning. The first is the victim's Bluetooth address.
    The second is an address that has obtained the PBAP or MAP access permission of the victim, like Bluetooth headsets and car computers that belong to the victim.

  2. The attacker changes his address to the second address, and then directly requests data (phone book and SMS) from the victim.

  3. Data will be passed back to the attacker without the victim's knowledge. It's totally stealthy.

Hope these help you to understand.

@cen123456
Author

OK, many thanks for your answer!
I tested one method of bypass pairing and pop-up of the hint to get privilege, and it works fine.
Then I tested the two methods on a Samsung Galaxy S8 and a Redmi Note 3, and it failed; they may be mutually exclusive. Can you tell me which phone you tested?

@fO-000

fO-000 commented Sep 8, 2020

Due to the manufacturer's request, I cannot tell you the specific name. But I think you have the ability to guess the name of that well-known manufacturer. In addition, they have already released patches.
