CVE-2020-12857

Caching of GATT characteristic values TempID in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe...

CVE-2020-12860

COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name...

CVE-2020-12858

Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons...

EUVD-2020-5140

Malware in sbrugna...

EUVD-2020-5141

Malware in sbrugna...

Unspecified vulnerability in COVIDSafe app

COVIDSafe app is an Australian coronavirus contact tracing app. The COVIDSafe app suffers from an unspecified vulnerability that stems from an unnecessary field in the OpenTrace/BlueTrace protocol. An attacker can exploit the vulnerability by looking at plaintext payload data to confirm the model...