PT-2020-13655 · Google/Apple · Apple/Google Exposure Notification Api

Published: 2020-06-11 · Updated: 2021-03-12 · CVE-2020-13702

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Apple/Google Exposure Notification API beta through 2020-05-29

Description: The issue enables attackers to circumvent Bluetooth Smart Privacy due to a secondary temporary UID in the Rolling Proximity Identifier. This allows an attacker with access to Beacon or IoT networks to track individual device movement via a Bluetooth LE discovery mechanism.

Recommendations: For Apple/Google Exposure Notification API beta through 2020-05-29, consider disabling the Rolling Proximity Identifier until a patch is available to prevent exploitation. Restrict access to Beacon or IoT networks to minimize the risk of tracking individual device movement.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2020-13702

Affected Products

Apple/Google Exposure Notification Api