Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-14292. PoCs published by alwentiu.
AI-analyzed exploit summary CVE-2020-14292 describes a Bluetooth transport issue in the COVIDSafe app where the use of TRANSPORT_AUTO defaults to BR/EDR, revealing the public Bluetooth address of the victim's phone. The vulnerability arises from unsafe GATT connection handling in the app.
Description
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone.
Exploits (1)
CVE-2020-14292 describes a Bluetooth transport issue in the COVIDSafe app where the use of TRANSPORT_AUTO defaults to BR/EDR, revealing the public Bluetooth address of the victim's phone. The vulnerability arises from unsafe GATT connection handling in the app.
References (4)
Scores
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N