07 May 2020
Colombia will adopt the Apple-Google contact tracing platform after finding it necessary to remove the contact tracing functions from CoronApp, the official Colombian coronavirus information app because they didn’t work. CoronApp was downloaded by 4.3 million people, and includes features to report
01 Jun 2020
Italy has launched Immuni, one of the first contact tracing apps based on the Apple-Google API. The app is opt-in, and includes an explanation of the privacy and security measures in its setup. The app collects anonymously bluetooth tokens that are automatically randomised, but does not collect GPS
07 May 2020
In a technical analysis of the UK NHSx contact tracing app for iOS, security engineers find that Apple's Bluetooth design makes it harder to detect iPhones running the app in background mode, and the app is using "keepalive" notifications in order to keep the app able to make the necessary
21 Apr 2020
The French government asked Apple to change the way its phones handle Bluetooth in order to accommodate the design of its contact tracing app. Downloading and installing the app will be voluntary, but the app will use a centralised design in which the data will be fed into a government server for
18 May 2020

New BIAS attack works agaisnt Bluetooth devices and firmware from Apple, Broadcom, Cypress, Intel, Samsung, and others.

Academics have disclosed today a new vulnerability in the Bluetooth wireless protocol, broadly used to interconnect modern devices, such as smartphones, tablets, laptops, and smart IoT devices. The vulnerability, codenamed BIAS (Bluetooth Impersonation AttackS), impacts the classic version of the
30 Apr 2020
Researchers at the University of Cape Town are developing the smartphone app COVI-ID to help the South African government track people who may not know they have contracted COVID-19, as well as people who have come into contact with those who have tested positive. The app will use Bluetooth and
30 Apr 2020
The Indian authorities have said that the country's contact-tracing app, Aarogya Setu ("health bridge", in Sanskrit), will be voluntary - but mandatory for federal government employees, food delivery workers, and some other service providers. It may also be needed to access public transport and
30 Apr 2020
Two million people downloaded Australia's COVIDSafe app in the first four days it was available; the government's goal is to reach 10 million, or about 40% of the population. Users are asked for a (not necessarily real) name, age, mobile number, and postal code. The app exchanges a Bluetooth
21 Apr 2020
By May 11, the Swiss Federal Office of Public Health, working with EFPL and ETH Zurich, will launch a secure, decentralised system for contact tracing developed by the Decentralised Privacy-Preserving-Proximity Tracing (DP-3T) international consortium, whose Swiss partners are Ubique and
26 Apr 2020
Three days after announcing Germany would adopt the centralised Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) standard for contact tracing, the country's chancellery minister Helge Braun and health minister Jens Spahn announced they would instead use the decentralised approach backed
16 Apr 2020
North Macedonia is the first country in the Western Balkans to launch a contact-tracing app. The government has stressed that the Bluetooth-based app, StopKorona!, complies with all legal privacy requirements. The app follows a decentralised design, so that users maintain full control over their
15 Apr 2020
India's COVID-19 tracker app, Aarogya Setu, was downloaded 50 million times in the first 13 days it was available. Developed by the National Informatics Centre a subsidiary of the Ministry of Electronics and IT, the app is available on both Android and iOS smartphones, and uses GPS and Bluetooth to
30 Mar 2020
Authorities in the Kazakhstan cities of Astana and Almaty will require those ordered to mandatory quarantine to install the Smart Astana app and enable geolocation settings, wifi, and Bluetooth to make it possible to monitor them and ensure they move no more than 30 meters from their designated
01 Apr 2020
Led by Germany's Fraunhofer Heinrich Hertz Institute for Telecoms, technologists and scientists from at least eight countries, are working on a proximity-based contact tracing technology that complies with GDPR. The Pan-European Privacy-Preserving Proximity Tracing project (PEPP-PT) is intended to
02 Apr 2020
The surveillance tool supplier Cy4Gate is pitching surveillance tools to track every citizen and their contacts to multiple governments around the world, including their own. In a demonstration of the system, Governments using the system, which Cy4Gate calls "Human Interaction Tracking System (HITS)
23 Jul 2018

Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must