Putting Privacy to the Test: Introducing Red Teaming for Research Data Anonymization

Recently, the data protection practices of researchers in human-computer interaction and elsewhere have gained attention. Initial results suggest that researchers struggle with anonymization, partly due to a lack of clear, actionable guidance. In this work, we propose simulating re-identification...

EUVD-2020-5142

Malware in sbrugna...

Unifying Re-Identification, Attribute Inference, and Data Reconstruction Risks in Differential Privacy

Differentially private DP mechanisms are difficult to interpret and calibrate because existing methods for mapping standard privacy parameters to concrete privacy risks -- re-identification, attribute inference, and data reconstruction -- are both overly pessimistic and inconsistent. In this work...

Privid: A Privacy-Preserving Surveillance Video Analytics System

A group of academics has designed a new system known as "Privid" that enables video analytics in a privacy-preserving manner to combat concerns with invasive tracking. "We're at a stage right now where cameras are practically ubiquitous. If there's a camera on every street corner, every place you...

Code injection

On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy BLE device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offer...

CVE-2020-12857

Caching of GATT characteristic values TempID in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe...

CVE-2020-12859

Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations...

CVE-2020-12858

Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons...

Design/Logic Flaw

Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations...

Code injection

Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons...

Design/Logic Flaw

COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name...

CVE-2020-12860

COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name...

CVE-2020-12859

The CVE concerns COVIDSafe’s OpenTrace/BlueTrace protocol (up to v1.0.17). Unnecessary fields in the protocol payload allow a remote attacker to identify a device model by observing cleartext data, enabling re-identification of devices, particularly for less common phone models or in low-density ...

CVE-2020-12856

OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used...

Design/Logic Flaw

OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used...

CVE-2020-12858

Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons...

CVE-2020-12857

Caching of GATT characteristic values TempID in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe...

CVE-2020-12857

CVE-2020-12857 concerns the COVIDSafe Android app, where caching of GATT characteristic values (TempID) in versions 1.0.15 and 1.0.16 allows a remote attacker to long-term re-identify an affected device. The Red Hat, NVD and CVE listings align on the impact: exposure of re-identification risk due...

CVE-2020-12856

OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used...

Vulnerability Identified in Genomic Data Sharing Network

A vulnerability in a network that processes genomic data could pave the way to some global genetic databases being hacked, and open the door to some serious privacy issues. Experts claim the problem lies in The Beacon Project, a network run by a coalition, Global Alliance for Genomics and Health,...