QwikSec

Security Database

CVE

CWE

Training

CVE-2020-13702

Published: Jun 11, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

4.3

MEDIUM

Description

The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AC:L/AV:A/A:N/C:L/I:N/PR:N/S:U/UI:N

Attack Complexity

Low

Attack Vector

Adjacent

Availability

None

Confidentiality

Low

Integrity

None

Privileges Required

None

Scope

Unchanged

User Interaction

None

References

https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200611.pdf

x_refsource_MISC

https://blog.google/documents/70/Exposure_Notification_-_Bluetooth_Specification_v1.2.2.pdf

x_refsource_MISC

https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616.pdf

x_refsource_MISC

https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616-2.pdf

x_refsource_MISC

https://github.com/google/exposure-notifications-internals/commit/8f751a666697c3cae0a56ae3464c2c6cbe31b69e

x_refsource_MISC

https://github.com/google/exposure-notifications-internals/commit/8f751a666697

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.