CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues
Click the icon to Follow me:- 
Posted by Stefan Marsiske via Fulldisclosure on Oct 06
GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues (CVE-2020-24722)
Summary
The TX Power value in the metadata in the beacon of the GAEN protocol
used by the corona/contact tracing app allows for attackers to
influence risk-score calculations in their favor, the same metadata
can also be used to deanonymize diagnosed users based on the type of
phone they are using.
Intro: GAEN Metadata in a nutshell
The beacon sent out by…
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.
