Contact Tracing Apps (CTAs) have been developed to contain the coronavirus disease 19 (COVID-19) spread. By design, such apps invade their users’ privacy by recording data about their health, contacts, and—partially—location. Many CTAs frequently broadcast pseudorandom numbers via Bluetooth to detect encounters. These numbers are changed regularly to prevent individual smartphones from being trivially trackable. However, the effectiveness of this procedure has been little studied.
We measured real smartphones and observed that the German Corona-Warn-App (CWA) exhibits a device-specific latency between two subsequent broadcasts. These timing differences provide a potential attack vector for fingerprinting smartphones by passively recording Bluetooth messages. This could conceivably lead to the tracking of users’ trajectories and, ultimately, the re-identification of users.
Title | Smartphones in a Microwave: Formal and Experimental Feasibility Study on Fingerprinting the Corona-Warn-App |
---|---|
Media | TRUSTbus at ARES 2023 (20th International Workshop on Trust, Privacy and Security in the Digital Society) |
Publisher | --- |
Issue | --- |
Volume | --- |
ISBN | --- |
Author/Editor | Hendrik Graßhoff, Stefan Schiffner, Prof. Dr. Florian Adamsky |
Pages | --- |
Publication date | 12.06.2023 |
Project title | --- |
Citation | Graßhoff, Hendrik; Schiffner, Stefan; Adamsky, Florian (2023): Smartphones in a Microwave: Formal and Experimental Feasibility Study on Fingerprinting the Corona-Warn-App. TRUSTbus at ARES 2023 (20th International Workshop on Trust, Privacy and Security in the Digital Society). |