CVE-2020-12859 : Exploit Details and Defense Strategies

Learn about CVE-2020-12859, which affects the protocol used by COVIDSafe and allows attackers to identify device models. Find mitigation steps and update recommendations.

COVIDSafe through v1.0.17 allows a remote attacker to identify device models, leading to potential re-identification of devices.

Understanding CVE-2020-12859

What is CVE-2020-12859?

Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 enable a remote attacker to discern a device model by analyzing cleartext payload data, facilitating the re-identification of devices, particularly less common phone models or those in low-density scenarios.

The Impact of CVE-2020-12859

The vulnerability poses a risk of privacy invasion and potential tracking of individuals using the COVIDSafe app.

Technical Details of CVE-2020-12859

Vulnerability Description

The issue arises from the presence of unnecessary fields in the OpenTrace/BlueTrace protocol, allowing device model identification through payload data.

Affected Systems and Versions

- Systems running COVIDSafe up to version 1.0.17

Exploitation Mechanism

- Remote attackers can exploit the vulnerability by observing cleartext payload data to determine device models.
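The sketch below is an added example, not code from COVIDSafe or OpenTrace. It shows why an extra device-model field matters for uncommon phones and how an allowlist applied before serialization removes it. The field names, the assumption that `id` rotates, and the sample payloads are all constructed for illustration.

```python
import json
from collections import Counter

# Assumption: the only fields the exchange needs. Hypothetical names, not taken
# from the COVIDSafe or OpenTrace source.
ALLOWED_FIELDS = frozenset({"id", "org", "v"})
# Assumption: "id" is a temporary identifier that changes between observations.
ROTATING_FIELDS = frozenset({"id"})

# Constructed sample: four devices, one of them an uncommon model.
SAMPLE = [
    {"id": "t-01", "org": "AU", "v": 1, "model": "CommonPhone A"},
    {"id": "t-02", "org": "AU", "v": 1, "model": "CommonPhone A"},
    {"id": "t-03", "org": "AU", "v": 1, "model": "CommonPhone A"},
    {"id": "t-04", "org": "AU", "v": 1, "model": "RarePhone Z"},
]

def unexpected_fields(raw: bytes) -> set:
    """Names in a cleartext JSON payload that are not on the allowlist."""
    try:
        obj = json.loads(raw)
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        return {"<unparseable>"}
    if not isinstance(obj, dict):
        return {"<not an object>"}
    return set(obj) - ALLOWED_FIELDS

def minimise(payload: dict) -> dict:
    """Keep only allowlisted fields before the payload is serialized."""
    return {k: v for k, v in payload.items() if k in ALLOWED_FIELDS}

def smallest_anonymity_set(payloads: list) -> int:
    """Size of the smallest group of devices sharing the same stable fields."""
    groups = Counter(
        tuple(sorted((k, json.dumps(v)) for k, v in p.items()
                     if k not in ROTATING_FIELDS))
        for p in payloads
    )
    return min(groups.values()) if groups else 0

if __name__ == "__main__":
    print("before:", smallest_anonymity_set(SAMPLE))
    print("after: ", smallest_anonymity_set([minimise(p) for p in SAMPLE]))
    print("flagged:", unexpected_fields(json.dumps(SAMPLE[3]).encode()))
```

A check like `unexpected_fields` can run as a release test over captured payloads so that a newly added field fails the build instead of reaching devices.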

Mitigation and Prevention

Immediate Steps to Take

- Update COVIDSafe to the latest version to mitigate the vulnerability.
- Avoid using the app on less common phone models or in low-density areas if unable to update.

Long-Term Security Practices

- Regularly update the COVIDSafe app to ensure protection against known vulnerabilities.

Patching and Updates

- Stay informed about security updates for COVIDSafe and promptly apply patches to address any identified vulnerabilities.
