Re-identification of Android Devices in COVIDSafe through Unreinitialized Random Data in Advertising Payload

CVE-2020-12858 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons.