Alwen Tiu

2 exploits Active since May 2020
CVE-2020-14292 NOMISEC MEDIUM WRITEUP
COVIDSafe <1.0.21 - Info Disclosure
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone.
CVSS 5.7
CVE-2020-12856 WRITEUP CRITICAL WRITEUP
OpenTrace <v1.0.17 - Info Disclosure
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used.
CVSS 9.8