CVE-2020-12858 : Security Advisory and Response
Learn about CVE-2020-12858, a vulnerability in COVIDSafe v1.0.15 and v1.0.16 allowing remote attackers to re-identify Android devices. Find mitigation steps and preventive measures.
COVIDSafe v1.0.15 and v1.0.16 suffer from non-reinitialization of random data in the advertising payload, enabling remote attackers to re-identify Android devices.
Understanding CVE-2020-12858
This CVE involves a vulnerability in COVIDSafe versions 1.0.15 and 1.0.16 that could allow malicious actors to re-identify Android devices by scanning for their advertising beacons.
What is CVE-2020-12858?
The vulnerability arises from the non-reinitialization of random data in the advertising payload of COVIDSafe versions 1.0.15 and 1.0.16.
The Impact of CVE-2020-12858
The vulnerability permits remote attackers to re-identify Android devices running COVIDSafe by detecting their advertising beacons.
Technical Details of CVE-2020-12858
This section delves into the specifics of the vulnerability.
Vulnerability Description
The issue stems from the failure to reinitialize random data in the advertising payload of COVIDSafe v1.0.15 and v1.0.16.
Affected Systems and Versions
- Product: COVIDSafe
- Vendor: N/A
- Versions: 1.0.15 and 1.0.16
Exploitation Mechanism
Attackers can exploit this vulnerability to re-identify Android devices by scanning for their advertising beacons.
Mitigation and Prevention
Protective measures to address CVE-2020-12858.
Immediate Steps to Take
- Update COVIDSafe to the latest version to mitigate the vulnerability.
- Be cautious while using the app in public places to avoid potential attacks.
Long-Term Security Practices
- Regularly update all applications on your Android device to patch security flaws.
- Avoid using public Wi-Fi networks to reduce exposure to potential threats.
Patching and Updates
Stay informed about security updates for COVIDSafe and promptly apply patches to ensure protection.