Unrated severityNVD Advisory· Published Jun 11, 2020· Updated Aug 4, 2024
CVE-2020-13702
CVE-2020-13702
Description
The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.
Affected products
2- Apple/Google/Exposure Notification APIdescription
- Range: <2020-05-30
Patches
Vulnerability mechanics
References
3- blog.google/documents/70/Exposure_Notification_-_Bluetooth_Specification_v1.2.2.pdfmitrex_refsource_MISC
- github.com/google/exposure-notifications-internals/commit/8f751a666697mitrex_refsource_MISC
- github.com/google/exposure-notifications-internals/commit/8f751a666697c3cae0a56ae3464c2c6cbe31b69emitrex_refsource_MISC
News mentions
0No linked articles in our index yet.