2020-09-09 16:11:54
mitre
PUBLISHED
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victims phone without authorisation, bypassing the Bluetooth address randomisation protection in the users phone.