back

Exposure Notification Security

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:40:31
Language
English
Abstract
Bluetooth is still the best technology we have in a smartphone to implement exposure notifications. It is safe to use the Corona-Warn-App. Fight me! ;)

Wait, what, did Jiska just submit a talk claiming that Bluetooth is secure?! Is this just another 2020 plot twist?

No, it's not. Assuming that we need an app that enables exposure notifications based on distance measurements, Bluetooth is the best trade-off. Audio would be more accurate but requires permanent access to the microphone. GPS does not work indoors, Wi-Fi and LTE chips are less accessible through smartphone APIs, so we're left with Bluetooth. And Bluetooth LE Advertisements are actually a great choice for such a protocol, further reducing exploitability.

As someone who was involved in finding multiple Bluetooth security issues within chips and operating systems, Jiska should be more afraid of Bluetooth, you might think. However, attacking Bluetooth on an up-to-date smartphone with recent chips is very complex and requires physical proximity. Those using outdated smartphones face similar risks when browsing the Internet, without the physical proximity requirement.

There are other issues within the CWA, such as missing awareness of places like restaurants and public transport, and a health system that lacks fast test reports. We should care about real problems instead of claiming security issues that barely have an impact on average users.

Talk ID
11378
Event:
rc3
Day
1
Room
rC1
Start
6 p.m.
Duration
00:40:00
Track
Ethics, Society & Politics
Type of
lecture
Speaker
jiska
Talk Slug & media link
rc3-11378-exposure_notification_security

Talk & Speaker speed statistics

Very rough underestimation:
152.9 wpm
845.7 spm
100.0% Checking done100.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
0.0% Nothing done yet0.0%
  
100.0% Checking done100.0%
0.0% Nothing done yet0.0%
  

Work on this video on Amara!

Talk & Speaker speed statistics with word clouds

Whole talk:
152.9 wpm
845.7 spm
bluetoothexposuresmartphonenotificationsdataissuepeopleapptimewi-fisignalexploitserverspecificwormdevicescontactapiappleattackattackerprivacywirelessbatterypositivemeasureworkcourseaccesssecurityexamplebuilddevicebitgooddirectionmeasurementtracingpseudonymsnotificationriskioswaveaccelerometerdistancejiskatesttechnologybugphysical