Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.
The product does not properly “clean up” and remove temporary or supporting resources after they have been used.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Covidsafe | Health | * | 1.0.17 (excluding) |