Date: Aug 26th, 2021, 04:00 PM to 05:00 PM (MDT)
Presented by: Joel Reardon, Assistant Professor at the University of Calgary
Proximity tracing apps have been proposed as an aid in dealing with the COVID-19 crisis. Some of those apps leverage attenuation of Bluetooth beacons from mobile devices to build a record of proximate encounters between a pair of device owners. The underlying protocols are known to suffer from false positive and re-identification attacks.
Dr. Joel Reardon, Assistant professor at the University of Calgary, presents evidence that the attacker’s difficulty in mounting such attacks has been overestimated. Indeed, an attacker leveraging a moderately successful app or SDK with Bluetooth and location access can eavesdrop and interfere with these proximity tracing systems at no hardware cost and perform these attacks against users who do not have this app or SDK installed. We describe concrete examples of actors who would be in a good position to execute such attacks.