CVE-2020-12858

Name of the Vulnerable Software and Affected Versions COVIDSafe versions 1.0.15 through 1.0.16

Description The issue concerns non-reinitialisation of random data in the advertising payload, allowing a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons.

Recommendations For COVIDSafe versions 1.0.15 and 1.0.16, update to a version that properly reinitializes random data in the advertising payload to prevent re-identification of devices. At the moment, there is no information about a newer version that contains a fix for this vulnerability.