The app sends the DiD value in the clear in Bluetooth frames. This value is linked to the phone number and device Android ID and so acts as a long-lived, persistent identifier of the handset. By sending this in the clear, an attacker monitoring Bluetooth frames can potentially track users' movements over time.
Note that due to such concerns the Google/Apple Exposure Notification system frequently changes the identifier broadcast in Bluetooth frames, and similarly most other apps (the Singapore and Australian apps for example).
Commercial providers are already seeking to build Bluetooth sensor networks specifically targeting COVID-19 surveillance of this sort by embedding SDK code within common apps, e.g. see www.cuebiq.com/visitation-insights-covid19 and arxiv.org/pdf/2009.06077.pdf.
We therefore recommend that the app be modified to frequently change the broadcast identifier so as to mitigate such linking attacks.
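
An added sketch of the recommended mitigation, not part of the original issue and not the app's or the Google/Apple system's code: the broadcast value is derived per time interval from a per-device secret, so a passive observer sees unrelated values while the server can still map a sighting back to the DiD. The HMAC construction, the 15-minute interval, the `bt-id` label and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac

ROTATION_SECONDS = 15 * 60  # assumed interval; the issue does not specify one


def rotating_id(device_key: bytes, unix_time: int) -> bytes:
    """16-byte value to broadcast during the interval that contains unix_time."""
    counter = (unix_time // ROTATION_SECONDS).to_bytes(8, "big")
    return hmac.new(device_key, b"bt-id" + counter, hashlib.sha256).digest()[:16]


def resolve(registry: dict, observed: bytes, unix_time: int, slack: int = 1):
    """Server side: recompute candidates for nearby intervals to recover the DiD."""
    for did, key in registry.items():
        for k in range(-slack, slack + 1):
            candidate = rotating_id(key, unix_time + k * ROTATION_SECONDS)
            if hmac.compare_digest(candidate, observed):
                return did
    return None


def longest_linkable_span(sightings) -> int:
    """Longest time in seconds over which one broadcast value was seen."""
    first, last = {}, {}
    for t, value in sightings:
        first[value] = min(t, first.get(value, t))
        last[value] = max(t, last.get(value, t))
    return max((last[v] - first[v] for v in first), default=0)


def simulate(hours: int = 6, step: int = 300):
    """Constructed capture: one handset seen every `step` seconds."""
    key = bytes(range(32))            # constructed per-device secret
    static_did = b"DID-0001-EXAMPLE"  # constructed stand-in for the DiD
    start = 1_600_000_000
    times = range(start, start + hours * 3600, step)
    static = [(t, static_did) for t in times]
    rotating = [(t, rotating_id(key, t)) for t in times]
    return longest_linkable_span(static), longest_linkable_span(rotating)


if __name__ == "__main__":
    static_span, rotating_span = simulate()
    print(f"static DiD linkable for {static_span} s")
    print(f"rotating id linkable for at most {rotating_span} s")
```

The Bluetooth device address has to change at the same moment as the identifier, otherwise the address itself links successive values.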