
CVE-2020-12856 PoC — OpenTrace security vulnerability

Source
Associated Vulnerability
Title: OpenTrace security vulnerability (CVE-2020-12856)
Description: OpenTrace is an implementation of BlueTrace, a privacy-preserving protocol for epidemiological contact tracing. A security vulnerability exists in OpenTrace as used in COVIDSafe 1.0.17 and earlier, TraceTogether, ABTraceTogether and other applications (iOS and Android). A remote attacker can exploit this vulnerability to track users over the long term or possibly cause other harm.
Description
A bluetooth-related vulnerability in some contact tracing apps
Readme
# COVIDSafe-CVE-2020-12856: A silent pairing issue in bluetooth-based contact tracing apps

Authors: Jim Mussared (George Robotics), Alwen Tiu (The Australian National University)

A vulnerability has been identified in the implementation of the Android version of Australia's COVIDSafe (v1.0.17 and earlier) contact tracing app that may affect several other contact tracing apps that share a similar architecture, such as Singapore's TraceTogether and Alberta's ABTraceTogether. This issue is being tracked using the CVE ID [CVE-2020-12856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12856).
This vulnerability allows an attacker to bond silently with an Android phone running a vulnerable version of the app. The bonding process involves exchanges of permanent identifiers of the victim phone: the identity address of the Bluetooth device in the phone and a cryptographic key called the Identity Resolving Key (IRK). Either one of these identifiers can be used for long-term tracking of the phone.
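To make the tracking risk concrete: once a party holds a phone's IRK, the rotating resolvable private addresses (RPAs) the phone advertises stop being anonymous, because any RPA can be checked against the IRK with the standard Bluetooth address-resolution procedure. The following Go program is an added illustration, not code from the repository or its authors; it implements the Core Specification's `ah` hash (AES-128 over a zero-padded 24-bit prand, keeping the low 24 bits) and the resolution check, and uses the specification's published test vector as the IRK (an assumed, public key, not any real device's). Go was chosen because its standard library provides AES without extra dependencies. It shows that two unrelated-looking addresses both resolve to the same IRK, which is exactly the linkability the fix in v1.0.18 prevents by blocking the silent bond.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// ah is the BLE random-address hash function (Core Spec Vol 3, Part H, 2.2.2):
// ah(k, r) = AES-128_k(0^104 || r) mod 2^24, with r the 24-bit prand.
// Bytes are handled MSB first, matching the notation used in the spec.
func ah(irk [16]byte, prand [3]byte) [3]byte {
	block, err := aes.NewCipher(irk[:])
	if err != nil {
		panic(err) // a 16-byte key never fails here
	}
	var in, out [16]byte
	copy(in[13:], prand[:]) // r' = 13 zero bytes || prand
	block.Encrypt(out[:], in[:])
	var h [3]byte
	copy(h[:], out[13:]) // keep the least significant 24 bits
	return h
}

// GenerateRPA builds a resolvable private address: prand (top two bits
// forced to 01, the RPA marker) followed by ah(IRK, prand).
func GenerateRPA(irk [16]byte, prand [3]byte) [6]byte {
	prand[0] = (prand[0] & 0x3F) | 0x40
	h := ah(irk, prand)
	return [6]byte{prand[0], prand[1], prand[2], h[0], h[1], h[2]}
}

// ResolveRPA reports whether addr was generated from irk, i.e. whether a
// holder of this IRK can attribute the address to the same device.
func ResolveRPA(irk [16]byte, addr [6]byte) bool {
	if addr[0]&0xC0 != 0x40 {
		return false // not a resolvable private address
	}
	var prand [3]byte
	copy(prand[:], addr[:3])
	return ah(irk, prand) == [3]byte{addr[3], addr[4], addr[5]}
}

// ParseIRK decodes a 32-hex-character IRK.
func ParseIRK(s string) ([16]byte, error) {
	var k [16]byte
	b, err := hex.DecodeString(s)
	if err != nil {
		return k, err
	}
	if len(b) != 16 {
		return k, errors.New("IRK must be 16 bytes")
	}
	copy(k[:], b)
	return k, nil
}

// ParseAddr decodes an address written as AA:BB:CC:DD:EE:FF (MSB first).
func ParseAddr(s string) ([6]byte, error) {
	var a [6]byte
	b, err := hex.DecodeString(strings.ReplaceAll(s, ":", ""))
	if err != nil {
		return a, err
	}
	if len(b) != 6 {
		return a, errors.New("address must be 6 bytes")
	}
	copy(a[:], b)
	return a, nil
}

// FormatAddr prints an address in the usual colon-separated form.
func FormatAddr(a [6]byte) string {
	return fmt.Sprintf("%02X:%02X:%02X:%02X:%02X:%02X", a[0], a[1], a[2], a[3], a[4], a[5])
}

func main() {
	// IRK from the Core Spec test vector (Vol 3, Part H, Appendix D.7);
	// an assumed public value, not a key taken from any device.
	irk, _ := ParseIRK("ec0234a357c8ad05341010a60a397d9b")
	// Two "rotated" addresses built from constructed prand values.
	addrs := [][6]byte{
		GenerateRPA(irk, [3]byte{0x70, 0x81, 0x94}),
		GenerateRPA(irk, [3]byte{0x12, 0x34, 0x56}),
	}
	for _, a := range addrs {
		fmt.Printf("%s resolves with the leaked IRK: %v\n", FormatAddr(a), ResolveRPA(irk, a))
	}
}
```

The same check is what a phone's own Bluetooth stack runs against its bonded peers' IRKs; the vulnerability matters because a silent bond hands that capability to a party the user never consented to, for as long as the IRK stays unchanged.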

This vulnerability was reported to DTA (who is responsible for the COVIDSafe app) on May 5th, 2020, and it has been fixed in COVIDSafe (Android) v1.0.18. 
Details of our finding are available [here](https://github.com/alwentiu/COVIDSafe-CVE-2020-12856/blob/master/CVE-2020-12856-19-June-2020.pdf). 

The proof-of-concept code can be found [here](https://github.com/alwentiu/COVIDSafe-CVE-2020-12856/blob/master/code).

An earlier draft (dated May 18th, 2020) that was sent to various developer teams is available [here](https://github.com/alwentiu/COVIDSafe-CVE-2020-12856/blob/master/CVE-2020-12856-18-may-2020.pdf).
(Note that this earlier draft has a small typo in the CVE ID; it refers to CVE-2020-12586 instead of CVE-2020-12856.)


File Snapshot

[4.0K] /data/pocs/2815da9103c2c1b64ca2472114128b66c3f00c34
├── [4.0K] code
│   ├── [ 18K] COPYING
│   ├── [4.7K] exploit1.py
│   ├── [6.7K] gatt_advert.py
│   ├── [ 20K] gatt_server.py
│   ├── [1.4K] README.md
│   └── [ 210] setup.sh
├── [1005K] CVE-2020-12856-18-may-2020.pdf
├── [1016K] CVE-2020-12856-19-June-2020.pdf
├── [1.7K] README.md
├── [ 97] SHA256SUM-2020-05-18
└── [ 97] SHA256SUM-2020-05-23

1 directory, 11 files