Bluetooth-based Re-Identification Vulnerability in COVID-19 Contact Tracing Apps

Bluetooth-based Re-Identification Vulnerability in COVID-19 Contact Tracing Apps

CVE-2020-12856 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used.

Learn more about our Cis Benchmark Audit For Apple Ios.