Google · Gaen Protocol · CVE-2020-24722
**Name of the Vulnerable Software and Affected Versions**
GAEN protocol (affected versions not specified)
**Description**
An issue was discovered in the GAEN protocol, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. The vendor's position is that TX power authentication would not be a useful defense against relay attacks.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.