CVE-2020-12857 : Vulnerability Insights and Analysis

Learn about CVE-2020-12857 affecting COVIDSafe v1.0.15 and v1.0.16 Android versions, allowing remote device re-identification. Find mitigation steps and long-term security practices.

COVIDSafe v1.0.15 and v1.0.16 Android app versions are vulnerable to remote device re-identification due to caching GATT characteristic values.

Understanding CVE-2020-12857

This CVE identifies a security vulnerability in the COVIDSafe Android app that could allow a remote attacker to re-identify devices.

What is CVE-2020-12857?

The vulnerability in COVIDSafe v1.0.15 and v1.0.16 allows an attacker to re-identify an Android device by exploiting the caching of GATT characteristic values (TempID).

The Impact of CVE-2020-12857

The vulnerability poses a risk of long-term re-identification of Android devices running COVIDSafe, potentially compromising user privacy and security.

Technical Details of CVE-2020-12857

COVIDSafe v1.0.15 and v1.0.16 are affected by a vulnerability in how GATT characteristic values are cached.

Vulnerability Description

The issue arises from the improper caching of GATT characteristic values, enabling attackers to re-identify Android devices.

Affected Systems and Versions

- Product: COVIDSafe Android app
- Versions: v1.0.15 and v1.0.16

Exploitation Mechanism

Attackers can exploit the vulnerability by leveraging the cached GATT characteristic values to re-identify Android devices running COVIDSafe.
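
A regression check for the caching behaviour described above, written for a developer's own test bench. It is an added example, not code from COVIDSafe or from the advisory. The rotation window, the record layout and the sample reads are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumption: the expected rotation window is a test parameter chosen by the
# tester; it is not a figure taken from the advisory.
MAX_LIFETIME_S = 15 * 60


@dataclass(frozen=True)
class Read:
    ts: int        # seconds since the start of the bench run
    address: str   # BLE address the handset under test advertised at read time
    value: str     # hex of the GATT characteristic value (TempID) returned


# Constructed bench log: one handset under test, read by a second bench device.
SAMPLE_READS = [
    Read(0,    "5A:11:22:33:44:01", "a1f3"),
    Read(600,  "5A:11:22:33:44:01", "a1f3"),
    Read(1200, "6B:11:22:33:44:02", "a1f3"),  # same value after rotation was due
    Read(2400, "7C:11:22:33:44:03", "a1f3"),
    Read(3000, "7C:11:22:33:44:03", "c9d0"),
    Read(3300, "7C:11:22:33:44:03", "c9d0"),
]


def find_stale_values(reads, max_lifetime_s=MAX_LIFETIME_S):
    """Return {value: (first_ts, last_ts, addresses)} for values served too long."""
    by_value = defaultdict(list)
    for r in reads:
        by_value[r.value].append(r)
    findings = {}
    for value, rs in by_value.items():
        first = min(r.ts for r in rs)
        last = max(r.ts for r in rs)
        # A value still being returned after its window has closed is the
        # cached-value symptom: it ties later reads back to earlier ones.
        if last - first > max_lifetime_s:
            findings[value] = (first, last, sorted({r.address for r in rs}))
    return findings


if __name__ == "__main__":
    for value, (first, last, addrs) in find_stale_values(SAMPLE_READS).items():
        print(f"FAIL: value {value} served for {last - first}s "
              f"across {len(addrs)} advertised address(es)")
```

A build that passes returns an empty result for the whole run; any finding means a cached value outlived its window.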

Mitigation and Prevention

Taking immediate steps and implementing long-term security practices are crucial to mitigating the risks associated with CVE-2020-12857.

Immediate Steps to Take

- Update the COVIDSafe app to the latest version to patch the vulnerability.
- Avoid using public Wi-Fi networks to reduce exposure to potential attacks.

Long-Term Security Practices

- Regularly update all apps and the operating system on your Android device.
- Be cautious when granting permissions to apps that access sensitive data.

Patching and Updates

Ensure that your COVIDSafe app is regularly updated to the latest version to address security vulnerabilities.
