Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2020-14292

Description

In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone.

POC

Reference

No PoCs from references.

Github

- https://github.com/0xT11/CVE-POC

- https://github.com/404notf0und/CVE-Flow

- https://github.com/ARPSyndicate/cvemon

- https://github.com/alwentiu/CVE-2020-14292

- https://github.com/alwentiu/contact-tracing-research

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/soosmile/POC