CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues


Posted by Stefan Marsiske via Fulldisclosure on Oct 06

GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues (CVE-2020-24722)

Summary

The TX Power value in the metadata in the beacon of the GAEN protocol
used by the corona/contact tracing app allows for attackers to
influence risk-score calculations in their favor. The same metadata
can also be used to deanonymize diagnosed users based on the type of
phone they are using.

Intro: GAEN Metadata in a nutshell

The beacon sent out by…
