ROBERT-proximity-tracing / documents

Protocol specification, white paper, high level documents, etc.

Potential important security issue? #74

Open florentmorin opened 3 years ago

florentmorin commented 3 years ago

Risk

Block test centers / hospitals, create major economic / social issues due to fake alerts.

Attack

First, the attacker will create a server that is a client of the ROBERT server. As a client of ROBERT, it will appear as any smartphone.

Then, the attacker will distribute clients for its server. The identifiers are the same everywhere at the same time and are distributed via Bluetooth, using the ROBERT protocol.

These clients can be a "free Halloween app" requiring access to photos and Bluetooth to create a truly realistic 3D scan effect. A "spy your friends" app would require access to Bluetooth to access contacts remotely. Lots of fake app ideas can be created. It can also work through a fake framework, like the recent XSSET attack. Or simply Raspberry Pis distributed at strategic places.

These clients will distribute identifiers from the attacker's server using the ROBERT Bluetooth protocol. The identifiers collected over Bluetooth are sent to the attacker's server and then sent to the ROBERT server as if from only one device.

The chances of finding COVID cases are high, so the fake user will receive a COVID diagnosis, but all contacts (true users) will receive this diagnosis.

And the consequences of massive fake diagnoses can be dramatic.

Solution

Local diagnosis, with only identifiers retrieved locally.