CVE-2020-12860 : What You Need to Know
CVE-2020-12860 allows remote attackers to access phone name and model information via COVIDSafe app, risking device re-identification and owner's name exposure. Learn about the impact and mitigation steps.
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information due to the use of all four roles of a BLE device, potentially leading to device re-identification and owner's name exposure.
Understanding CVE-2020-12860
COVIDSafe app vulnerability impacting user privacy and device identification.
What is CVE-2020-12860?
COVIDSafe app vulnerability allows remote attackers to access phone name and model information, compromising user privacy.
The Impact of CVE-2020-12860
- Remote attackers can access sensitive phone information
- Potential re-identification of devices
- Risk of exposing the owner's name
Technical Details of CVE-2020-12860
COVIDSafe app vulnerability details.
Vulnerability Description
- BLE device roles misuse in COVIDSafe app
- Allows access to phone name and model information
Affected Systems and Versions
- COVIDSafe through v1.0.17
Exploitation Mechanism
- Remote attackers exploit BLE device roles to access sensitive information
Mitigation and Prevention
Protecting against CVE-2020-12860.
Immediate Steps to Take
- Update COVIDSafe app to the latest version
- Avoid using the app on public networks
Long-Term Security Practices
- Regularly update all apps on your device
- Be cautious of permissions granted to apps
Patching and Updates
- Stay informed about security updates for the COVIDSafe app