-
Proximity Tracing in an Ecosystem of Surveillance Capitalism
Authors:
Paul-Olivier Dehaye,
Joel Reardon
Abstract:
Proximity tracing apps have been proposed as an aide in dealing with the COVID-19 crisis. Some of those apps leverage attenuation of Bluetooth beacons from mobile devices to build a record of proximate encounters between a pair of device owners. The underlying protocols are known to suffer from false positive and re-identification attacks. We present evidence that the attacker's difficulty in moun…
▽ More
Proximity tracing apps have been proposed as an aide in dealing with the COVID-19 crisis. Some of those apps leverage attenuation of Bluetooth beacons from mobile devices to build a record of proximate encounters between a pair of device owners. The underlying protocols are known to suffer from false positive and re-identification attacks. We present evidence that the attacker's difficulty in mounting such attacks has been overestimated. Indeed, an attacker leveraging a moderately successful app or SDK with Bluetooth and location access can eavesdrop and interfere with these proximity tracing systems at no hardware cost and perform these attacks against users who do not have this app or SDK installed. We describe concrete examples of actors who would be in a good position to execute such attacks. We further present a novel attack, which we call a biosurveillance attack, which allows the attacker to monitor the exposure risk of a smartphone user who installs their app or SDK but who does not use any contact tracing system and may falsely believe that they have opted out of the system.
Through traffic auditing with an instrumented testbed, we characterize precisely the behaviour of one such SDK that we found in a handful of apps---but installed on more than one hundred million mobile devices. Its behaviour is functionally indistinguishable from a re-identification or biosurveillance attack and capable of executing a false positive attack with minimal effort. We also discuss how easily an attacker could acquire a position conducive to such attacks, by leveraging the lax logic for granting permissions to apps in the Android framework: any app with some geolocation permission could acquire the necessary Bluetooth permission through an upgrade, without any additional user prompt. Finally we discuss motives for conducting such attacks.
△ Less
Submitted 13 September, 2020;
originally announced September 2020.
-
SwissCovid: a critical analysis of risk assessment by Swiss authorities
Authors:
Paul-Olivier Dehaye,
Joel Reardon
Abstract:
Ahead of the rollout of the SwissCovid contact tracing app, an official public security test was performed. During this audit, Prof. Serge Vaudenay and Dr. Martin Vuagnoux described a large set of problems with the app, including a new variation of a known false-positive attack, leveraging a cryptographic weakness in the Google and Apple Exposure Notification framework to tamper with the emitted B…
▽ More
Ahead of the rollout of the SwissCovid contact tracing app, an official public security test was performed. During this audit, Prof. Serge Vaudenay and Dr. Martin Vuagnoux described a large set of problems with the app, including a new variation of a known false-positive attack, leveraging a cryptographic weakness in the Google and Apple Exposure Notification framework to tamper with the emitted Bluetooth beacons. Separately, the first author described a re-identification attack leveraging rogue apps or SDKs. The response from the Swiss cybersecurity agency and the Swiss public health authority was to claim these various attacks were unlikely as they required physical proximity of the attacker with the target (although it was admitted the attacker could be further than two meters). The physical presence of the attacker in Switzerland was deemed significant as it would imply such attackers would fall under the Swiss Criminal Code. We show through one example that a much larger variety of adversaries must be considered in the scenarios originally described and that these attacks can be done by adversaries without any physical presence in Switzerland. This goes directly against official findings of Swiss public authorities evaluating the risks associated with SwissCovid. To move the discussion further along, we briefly discuss the growth of the attack surface and harms with COVID-19 and SwissCovid prevalence in the population. While the focus of this article is on Switzerland, we emphasize the core technical findings and cybersecurity concerns are of relevance to many contact tracing efforts.
△ Less
Submitted 22 June, 2020; v1 submitted 18 June, 2020;
originally announced June 2020.
-
Interoperability in the OpenDreamKit Project: The Math-in-the-Middle Approach
Authors:
Paul-Olivier Dehaye,
Michael Kohlhase,
Alexander Konovalov,
Samuel Lelièvre,
Markus Pfeiffer,
Nicolas M. Thiéry
Abstract:
OpenDreamKit --- "Open Digital Research Environment Toolkit for the Advancement of Mathematics" --- is an H2020 EU Research Infrastructure project that aims at supporting, over the period 2015--2019, the ecosystem of open-source mathematical software systems. From that, OpenDreamKit will deliver a flexible toolkit enabling research groups to set up Virtual Research Environments, customised to meet…
▽ More
OpenDreamKit --- "Open Digital Research Environment Toolkit for the Advancement of Mathematics" --- is an H2020 EU Research Infrastructure project that aims at supporting, over the period 2015--2019, the ecosystem of open-source mathematical software systems. From that, OpenDreamKit will deliver a flexible toolkit enabling research groups to set up Virtual Research Environments, customised to meet the varied needs of research projects in pure mathematics and applications.
An important step in the OpenDreamKit endeavor is to foster the interoperability between a variety of systems, ranging from computer algebra systems over mathematical databases to front-ends. This is the mission of the integration work package (WP6). We report on experiments and future plans with the \emph{Math-in-the-Middle} approach. This information architecture consists in a central mathematical ontology that documents the domain and fixes a joint vocabulary, combined with specifications of the functionalities of the various systems. Interaction between systems can then be enriched by pivoting off this information architecture.
△ Less
Submitted 21 March, 2016;
originally announced March 2016.
