Stephan Somogyi

CVE-2020-13702 WRITEUP MEDIUM WRITEUP

The Rolling Proximity Identifier < 2020-05-29 - Exposure of Sensitive Information via Bluetooth LE Discovery

The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.

CVSS 4.3

View Code

CVE-2020-13702 WRITEUP MEDIUM WRITEUP

The Rolling Proximity Identifier < 2020-05-29 - Exposure of Sensitive Information via Bluetooth LE Discovery

The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.

CVSS 4.3

View Code