Dear all,
As I will explain in this post, I successfully carried out a replay attack against myself, that is, I made my phone receive a fake risk notification, and in doing so I also identified what can be seen as an additional attack.
First of all, I remark that I did everything for research and study purposes. I discourage everyone from redoing or replicating the attacks described in this post.
However, I think I may help the community and the authorities to improve contact tracing apps by disclosing the details. In fact, disclosing and making these vulnerabilities evident should motivate political authorities to take decisions such as stopping contact tracing apps altogether during key events like voting, as suggested by Gennaro et al. ( https://static1.squarespace.com/static/5e937afbfd7a75746167b39c/t/5f47a87e58d3de0db3da91b2/1598531714869/Exposure_Notification.pdf ), or taking serious countermeasures, or considering the adoption of alternative protocols proposed by several researchers worldwide.
What I did is the following.
1. I wrote this software: https://drive.google.com/file/d/1GJhsCyYheVM5LfZljsmMJLZNN1XhitAj/view?usp=sharing , which can be used to generate, from real TEK files published on Immuni's server, some RPIs with the corresponding date/time. I use the software to generate such a pair of RPI and corresponding date/time (actually I also generate the encrypted metadata).
2. I wrote this software for Arduino, to be used with an ESP32 device equipped with an SD card: https://drive.google.com/file/d/1KswnCByRhQlqlCN_ay68mn2FdE6b8kNc/view?usp=sharing . I compile this software into the firmware of the ESP32 device. I save the RPI and encrypted metadata pair generated by the software at step 1 in a file on the SD card and I start broadcasting as described in the comments of the code (more details can be found by reading the code and the comments therein).
3. I deleted all data and the cache of the Immuni app on the victim's phone (my own phone) and I also deleted all checks and data from Settings -> Google -> Exposure Notification. I uninstalled Immuni, reinstalled it and soon after disconnected the phone from the Internet (but with Bluetooth activated).
4. I sent the victim's phone (my own phone) "back to the past" by setting the phone's date/time to that date/time.
5. After 10 minutes I did the same as in steps 1-2 for the subsequent RPI (in temporal order), to be sure that the victim's phone received at least two valid RPIs over more than 15 minutes. That is, if the first RPI was for 1 Sep 2020 1:00 AM, I generated the next RPI for 1 Sep 1:10 AM.
6. After about 20 minutes, I stopped broadcasting and I turned off Bluetooth on the phone.
7. I sent the phone "back to the future" by restoring the correct date/time, rebooted the phone and then reactivated the Internet connection.
8. After some minutes the phone received a risk notification, as you can see here: https://www.youtube.com/watch?v=ew_r09OTYT8&feature=youtu.be
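One defensive check that the steps above call for, as an added Python illustration of my own (not Immuni's or GAEN's code): record every BLE scan with both the wall clock and the monotonic uptime, anchor the expected offset between the two to a server-supplied time, and discard scans heard while the wall clock disagreed with that anchor. The scan log, the 120 s skew tolerance and the server anchor are constructed values.

```python
# Added illustration (not Immuni's or GAEN's code): reject exposure scans that were
# recorded while the device's wall clock disagreed with a trusted time anchor.
from dataclasses import dataclass

INTERVAL_SECONDS = 600   # GAEN ENIntervalNumber granularity: 10 minutes
MAX_SKEW_SECONDS = 120   # assumed tolerance for normal drift / NTP corrections


@dataclass(frozen=True)
class Scan:
    wall: int    # device wall-clock time at scan (epoch seconds); user-settable
    mono: int    # monotonic uptime at scan (seconds); not settable by the user
    rpi: bytes   # 16-byte Rolling Proximity Identifier heard over BLE


def interval_number(epoch_seconds: int) -> int:
    """ENIntervalNumber of a wall-clock timestamp, as used by GAEN."""
    return epoch_seconds // INTERVAL_SECONDS


def trusted_offset(server_time: int, mono_at_fetch: int) -> int:
    """Expected (wall - mono) offset, anchored to a server-supplied time
    (e.g. the Date header of the TEK download) rather than the local clock."""
    return server_time - mono_at_fetch


def filter_scans(scans, offset):
    """Split scans into (kept, rejected). A scan is rejected when its own
    (wall - mono) offset differs from the trusted offset by more than
    MAX_SKEW_SECONDS, i.e. the wall clock had been moved when the RPI was heard."""
    kept, rejected = [], []
    for s in scans:
        (rejected if abs((s.wall - s.mono) - offset) > MAX_SKEW_SECONDS else kept).append(s)
    return kept, rejected


def rejected_intervals(scans, offset):
    """ENIntervalNumbers whose heard RPIs must not be matched against downloaded TEKs."""
    _, rejected = filter_scans(scans, offset)
    return {interval_number(s.wall) for s in rejected}


# Constructed scan log: the wall clock was set back to 2020-09-01 01:00 UTC at
# uptime ~1000 s, two RPIs were heard 10 minutes apart, then the clock was restored.
SCANS = [
    Scan(wall=1598922010, mono=1010, rpi=b"\x01" * 16),   # heard "in the past"
    Scan(wall=1598922610, mono=1610, rpi=b"\x02" * 16),   # 10 min later, still in the past
    Scan(wall=1600002500, mono=2500, rpi=b"\x03" * 16),   # after the clock was restored
]
# Constructed anchor: the server reported 1600003000 when device uptime was 3000 s.
TRUSTED_OFFSET = trusted_offset(server_time=1600003000, mono_at_fetch=3000)
```

A reboot resets the monotonic clock, so the anchor has to be re-established for every boot session, and scans from a session that never obtained a trusted anchor cannot be validated and are best treated as rejected.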
Beyond being a simulation of a replay attack, this is an attack in itself. For instance, if somebody can have your phone for a few seconds, they can change your date/time and then start broadcasting, and later, when the date/time is restored by you or by the attacker, you will receive a risk notification. There are many real-life situations where people hand their phones to other people.
Some people could even be interested in performing the attack against themselves: in fact, they could need the risk notification in order not to work and to stay at home, etc.
The ease of mounting this attack should urge the authorities to study countermeasures or to reconsider the meaning of a risk notification.
I remark again that nobody should use the software and the explanation I gave here for malicious and illegal purposes, and maybe they should not be used at all.
Moreover, mounting the attack alters the counter of the Ministry of Health, so this shows that this counter may be unreliable and should not be used for official statistics. Furthermore, I recall that it is currently practically impossible for the authorities to know whether a risk notification is real or fake, since risk notifications are anonymous by design.
I also take the opportunity to spur the Ministry of Innovation to study alternative solutions that withstand this and other known attacks. Research is fundamental for progress. Several researchers in Italy and abroad have proposed alternative solutions that should be considered in view of current and potential future attacks against GAEN.
Kind regards