CVE-2020-24722

An issue was discovered in the GAEN aka Google/Apple Exposure Notifications protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause...

Design/Logic Flaw

GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...

CVE-2020-24721

An issue was discovered in the GAEN aka Google/Apple Exposure Notifications protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the...

CVE-2020-24721

An issue was discovered in the GAEN aka Google/Apple Exposure Notifications protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the...