CVE-2020-24722

Name of the Vulnerable Software and Affected Versions GAEN protocol (affected versions not specified)

Description An issue was discovered in the GAEN protocol, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. The vendor's position is that TX power authentication would not be a useful defense against relay attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.