
Service disruption or alteration

Open vastianazzo opened this issue 4 years ago • 0 comments

Service disruption or alteration

To be as effective as possible in fighting the COVID-19 pandemic, Immuni needs to operate reliably. We devised several measures to ensure that the system is highly resistant to attacks that attempt to compromise its availability and modify its intended behaviour.

The statement is apodictic. The "resistance" to attacks depends a great deal on the Bluetooth protocol and on how up to date the device is. This is why, in the presence of obsolete Bluetooth protocols or systems that have not been updated, the user should at the very least be informed that their device is vulnerable to external attacks via this protocol. For example, see the following vulnerability:

This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows: On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to theft of personal data and could potentially be used to spread malware (Short-Distance Worm). On Android 10, this vulnerability is not exploitable for technical reasons and only results in a crash of the Bluetooth daemon. Android versions even older than 8.0 might also be affected but we have not evaluated the impact.

vastianazzo, May 28 '20 21:05