On the Effectiveness of Time Travel to Inject COVID-19 Alerts

Cite

Related Material

Chaos Computer Club e.V.

Vuagnoux, Martin Iovino, Vincenzo Vaudenay, Serge

Formal Metadata

Title

On the Effectiveness of Time Travel to Inject COVID-19 Alerts

Title of Series

rC3 - remote Chaos Experience

Number of Parts

275

Author

Vuagnoux, Martin

Iovino, Vincenzo

Vaudenay, Serge

License

CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/51876 (DOI)

Publisher

Chaos Computer Club e.V.

Release Date

2020

Language

No linguistic content; Not applicable

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

We build a time machine to inject (in 20 seconds) false alerts in Google Apple Exposure Notification apps such as Corona-Warn-App, Immuni, SwissCovid, etc. Digital contact tracing apps allow to alert people who have been in contact with people who may be contagious. The Google Apple Exposure Notification (EN) system is based on Bluetooth proximity estimation. It has been adopted by many countries around the world. However, many possible attacks are known. The goal of some of them is to inject a false alert on someone else's phone. This way, an adversary can eliminate a competitor in a sport event or a business in general. Political parties can also prevent people from voting. In this talk, we review several methods to inject false alerts. One of them requires to corrupt the clock of the smartphone of the victim. For that, we build a time-traveling machine to be able to remotely set up the clock on a smartphone and experiment our attack. We show how easy this can be done. We successfully tested several smartphones with the German app (Corona-Warn-App), the Italian app (Immuni), the Swiss app (SwissCovid), etc.

Keywords