Exposure Notification Security

jiska

Playlists: 'rc3' videos starting here / audio

Bluetooth is still the best technology we have in a smartphone to implement exposure notifications. It is safe to use the Corona-Warn-App. Fight me! ;)

Wait, what, did Jiska just submit a talk claiming that Bluetooth is secure?! Is this just another 2020 plot twist?

No, it's not. Assuming that we need an app that enables exposure notifications based on distance measurements, Bluetooth is the best trade-off. Audio would be more accurate but requires permanent access to the microphone. GPS does not work indoors, Wi-Fi and LTE chips are less accessible through smartphone APIs, so we're left with Bluetooth. And Bluetooth LE Advertisements are actually a great choice for such a protocol, further reducing exploitability.

As someone who was involved in finding multiple Bluetooth security issues within chips and operating systems, Jiska should be more afraid of Bluetooth, you might think. However, attacking Bluetooth on an up-to-date smartphone with recent chips is very complex and requires physical proximity. Those using outdated smartphones face similar risks when browsing the Internet, without the physical proximity requirement.

There are other issues within the CWA, such as missing awareness of places like restaurants and public transport, and a health system that lacks fast test reports. We should care about real problems instead of claiming security issues that barely have an impact on average users.

Download

These files contain multiple languages.

This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them.

Please look for "audio tracks" in your desktop video player.

Embed

Share:

Tags