CVE-2020-14292 : Vulnerability Insights and Analysis

Learn about CVE-2020-14292, a vulnerability in the COVIDSafe Android app that exposes users' Bluetooth addresses. Find out the impact, affected systems, and mitigation steps.

In the COVIDSafe application through 1.0.21 for Android, a vulnerability exists that allows attackers to reveal the victim's phone's public Bluetooth address without authorization.

Understanding CVE-2020-14292

The vulnerability in the COVIDSafe application for Android exposes users to privacy risks by disclosing their Bluetooth address.

What is CVE-2020-14292?

The flaw in the COVIDSafe app for Android enables attackers to bypass Bluetooth address randomization protection, exposing users' public Bluetooth addresses.

The Impact of CVE-2020-14292

This vulnerability allows malicious actors to obtain sensitive information, compromising user privacy and potentially leading to targeted attacks.

Technical Details of CVE-2020-14292

The technical aspects of the CVE-2020-14292 vulnerability are as follows:

Vulnerability Description

        The COVIDSafe app for Android makes unsafe use of the Bluetooth transport option in its GATT connection.
        Attackers can trick the app into establishing a connection over Bluetooth BR/EDR transport.
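
The Kotlin example below is added here and is not taken from the COVIDSafe code base. It contrasts a GATT connection that leaves the transport choice to the Android Bluetooth stack with one pinned to the LE transport. The function names are hypothetical; connectGatt, TRANSPORT_LE and DEVICE_TYPE_CLASSIC are Android platform APIs (the transport parameter needs API 23 or later).

```kotlin
import android.annotation.SuppressLint
import android.bluetooth.BluetoothDevice
import android.bluetooth.BluetoothGatt
import android.bluetooth.BluetoothGattCallback
import android.content.Context

// Hypothetical helper names, written for illustration only.
// Callers are assumed to hold the Bluetooth permission their API level requires.

// Weak form: the three-argument overload uses TRANSPORT_AUTO, so the
// Bluetooth stack, not the app, decides between LE and BR/EDR for a
// peer that presents itself as dual-mode.
@SuppressLint("MissingPermission")
fun connectWithAutoTransport(
    context: Context,
    device: BluetoothDevice,
    callback: BluetoothGattCallback
): BluetoothGatt? =
    device.connectGatt(context, /* autoConnect = */ false, callback)

// Hardened form: the GATT connection is pinned to the LE transport, so a
// peer cannot move it onto BR/EDR, the transport named in the
// vulnerability description above.
@SuppressLint("MissingPermission")
fun connectLeOnly(
    context: Context,
    device: BluetoothDevice,
    callback: BluetoothGattCallback
): BluetoothGatt? {
    // Refuse peers the stack has already classified as BR/EDR-only;
    // a contact-tracing exchange has no reason to talk to them.
    if (device.type == BluetoothDevice.DEVICE_TYPE_CLASSIC) {
        return null
    }
    return device.connectGatt(
        context,
        /* autoConnect = */ false,
        callback,
        BluetoothDevice.TRANSPORT_LE
    )
}
```

When reviewing an app for this class of issue, search for connectGatt calls that omit the transport argument or pass TRANSPORT_AUTO.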

Affected Systems and Versions

        Product: COVIDSafe application
        Vendor: N/A
        Versions affected: Through 1.0.21 for Android

Exploitation Mechanism

        Attackers exploit the vulnerability to reveal the victim's phone's public Bluetooth address without authorization.

Mitigation and Prevention

To address CVE-2020-14292, users and organizations can take the following steps:

Immediate Steps to Take

        Update the COVIDSafe app to the latest version.
        Avoid using the app in public places where Bluetooth attacks are more likely.

Long-Term Security Practices

        Regularly check for app updates and security patches.
        Be cautious when granting permissions to apps that access sensitive data.

Patching and Updates

        Ensure that all devices running the COVIDSafe app are updated to the latest version to mitigate the vulnerability.
