{"id":"CVE-2020-13702","details":"The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.","modified":"2026-04-02T04:09:30.013122Z","published":"2020-06-11T19:15:10.073Z","references":[{"type":"ADVISORY","url":"https://blog.google/documents/70/Exposure_Notification_-_Bluetooth_Specification_v1.2.2.pdf"},{"type":"FIX","url":"https://github.com/google/exposure-notifications-internals/commit/8f751a666697"},{"type":"FIX","url":"https://github.com/google/exposure-notifications-internals/commit/8f751a666697c3cae0a56ae3464c2c6cbe31b69e"},{"type":"EVIDENCE","url":"https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616-2.pdf"},{"type":"EVIDENCE","url":"https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616.pdf"},{"type":"EVIDENCE","url":"https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200611.pdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/google/exposure-notifications-internals","events":[{"introduced":"0"},{"fixed":"8f751a666697"}]},{"type":"GIT","repo":"https://github.com/google/exposure-notifications-internals","events":[{"introduced":"0"},{"fixed":"8f751a666697c3cae0a56ae3464c2c6cbe31b69e"}]},{"type":"GIT","repo":"https://github.com/google/exposure-notifications-internals","events":[{"introduced":"0"},{"fixed":"8f751a666697"}]},{"type":"GIT","repo":"https://github.com/google/exposure-notifications-internals","events":[{"introduced":"0"},{"fixed":"8f751a666697c3cae0a56ae3464c2c6cbe31b69e"}]}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2020-05-29"}]},{"events":[{"introduced":"0"},{"last_affected":"2020-05-29"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13702.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"}]}