video surveillance + DP-3T

[vaudenay]

I talked to someone who had a pretty nice attack idea.

In places with massive video surveillance and AI face recognition (don't need to go too far to find such a place), we can add a Bluetooth receiver to collect EphID's and store some (EphID,location,time,video) records to build a database. Once a used SK_t is revealed (or stolen), the holder can be recognized, and all his movements in this surveilled place can be reconstructed. The place where EphID is collected and SK_t is revealed could be in different countries.

The solution is to turn off DP-3T in places with video surveillance.

[pdehaye]

For instance: Tesco s where Estimote is deployed.

[LilithWittmann]

Several companies are trying to do behavioral analytics based on wifi/ble/surveillance cameras/…. In the last few years, there has been made so much effort to make our smartphones not (easily) traceable based on stuff like wifi probing. PEP-PT would bring back all these kind of issues again.

The solution is to turn off DP-3T in places with video surveillance.

Also, this is not only true for surveillance cameras but also stuff like credit card payments, bus stations with gates, customer loyalty cards. So Software updates for wifi-based analytics systems are only a matter of time. So it is not solved with turning it off in video-surveilled places.

This paper lists a few similar attack vectors 5.2-5.4 (these also cannot be solved by turning off surveillance cameras).

Also mentioned in https://github.com/DP-3T/documents/issues/21#issuecomment-609054758.

[noci2012]

It is also mentioned in #73 as an attack vector. Using directional antennae one can cover much larger distances to collect Samples. (even with ordinary BT hardware).

[Mike-Devel]

This is only relevant in the low-cost version, where the various EphID's can be retroactively linked to a single user via the now public SK_t. correct?