Code Monkey home page Code Monkey logo

Comments (4)

oseiskar avatar oseiskar commented on August 20, 2024 5

I think this issue is being overlooked by everyone. The Google/Apple Contact Tracing / Exposure Notification specification (based on DP-3T) seems to do nothing to address this. To elaborate (and raise awareness of) the issue, I've written a small PoC that demonstrates BLE sniffing in this context: https://github.com/oseiskar/corona-sniffer . As noted by @pdehaye , systems that are capable of doing the same are already widespread

from documents.

pdehaye avatar pdehaye commented on August 20, 2024 5

Thanks, @oseiskar. I think everyone knows this attack exists, but the fact that you implemented it changes the calculus around data protection risks. In other words, the PoC changes the legal calculus present in the White Paper (see many of the issues cross-referencing this one, which are clearly not addressed anywhere yet)

from documents.

oseiskar avatar oseiskar commented on August 20, 2024 4

Update: I adjusted my PoC to also work with the DP-3T protocol (previously only targeted the Apple/Google EN protocol) and I verified that it works using the official DP-3T Android test app

from documents.

FroehlichMarcel avatar FroehlichMarcel commented on August 20, 2024 2

I don't share the opinion that "everyone knows this attack exists". This is really handled so far by broader audiences either as an esoteric hypothetical thing not worth worrying about or totally not understanding the scale and capabilities of existing BT tracking infrastructure. Some countries (e.g. Germany) seem to have no appetite at all to provide any specific legal framework for app-based contact tracing. The typical question is "Why would anyone want to collect and de-anonymize? The collected IDs have a limited lifespan.".

from documents.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.