Introduction

When Google and Apple announced their mutually compatible Exposure Notification System (ENS) to combat COVID-19, it was the first hope of a unified contact tracing method. Phones periodically exchange data over Bluetooth to log which other phones are in proximity to them. My first thought, obviously: what would happen if you use a bigger antenna?

Some information about ENS

There are two independent parts to the process of delivering notifications to users who have been in close proximity to each other:

  1. Logging which phones have been in proximity of each other.
  2. Delivering the actual notifications and/or acting on them if someone tests positive.

Only the first part is handled by Apple and Google. Countries have to handle the second part by creating their own app built on top of the ENS API. The measures countries take are completely up to them: the Dutch voluntary CoronaMelder app only sends you a notification advising you to stay home for two weeks, while people in India can be punished with up to six months in jail if they do not have the Aarogya Setu app or do not follow its advice.

The logging of proximity between phones happens via cryptographic keys that rotate every 15 minutes. This means that you cannot track where individual users are. If someone tests positive for COVID-19, they can voluntarily grant the government access to their rotating keys. The government can then notify users of the app if they came into close proximity with the infected user.

Scenario 1: receiving packets over a larger distance

If a user is infected and releases their rotating keys, it is possible to chain these together to log where they have been in the past days, and even figure out their identity. This flaw is inherent to contact tracing apps and has been described in other articles (here’s an article from Wired, for example), so we will not explore this scenario further.

Scenario 2: sending packets over a larger distance

Transmitting your own exposure notification packets is simple. You can use a HackRF One to send arbitrary Bluetooth LE packets. Combined with a linear power amplifier, you can send Bluetooth LE exposure notification packets to an entire building for less than $500. The possibilities with this setup are endless: what would happen if a big proportion of the members of the Dutch parliament got notified that they might be infected with COVID-19? Or, if you place your antennas in an airport, what would happen if pilots are not allowed to fly anymore because they got a notification that they might be infected? This assumes that you are able to share your rotating keys with the government. I do not think that would be that difficult, though. You could pay someone who tested positive to upload your key instead of their own key, for example. With a time investment of a few hours and somewhere in the neighborhood of 500€ worth of transceiver equipment, one could relatively easily cause chaos.

Possible mitigations

Apple and Google could use time of flight (ToF) information instead of signal strength to judge the distance between devices. You cannot get around the speed of light by using a bigger antenna. The hardware is clearly capable: Apple already uses ToF information to unlock a MacBook if the user’s Apple Watch is in close proximity, for example. This might have a more significant effect on users’ battery life than the current approach, but I do not know enough about Bluetooth to make statements on this.
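To make the argument for a power-independent metric concrete, here is an added Python example (not part of the original post) that models both estimators side by side with a simplified log-distance path-loss model: the reference loss, path-loss exponent, sample distance and gain values are constructed assumptions for the illustration, not ENS parameters. Undeclared amplification lowers the measured attenuation and so shrinks the signal-strength estimate, while the round-trip time, and therefore the ToF estimate, stays tied to the true distance.

```python
import math

SPEED_OF_LIGHT_M_PER_S = 299_792_458.0

# Simplified log-distance path-loss model (an assumption made for this
# illustration; real BLE propagation is far noisier than this).
REFERENCE_LOSS_DB_AT_1M = 41.0   # constructed reference attenuation at 1 m
PATH_LOSS_EXPONENT = 2.0         # free-space-like environment


def attenuation_db(distance_m: float, extra_gain_db: float = 0.0) -> float:
    """Attenuation the receiver computes as (advertised TX power - RSSI).

    extra_gain_db models amplifier/antenna gain the sender did NOT declare
    in its advertised TX power, so it silently lowers the attenuation.
    """
    path_loss = REFERENCE_LOSS_DB_AT_1M + 10 * PATH_LOSS_EXPONENT * math.log10(distance_m)
    return path_loss - extra_gain_db


def distance_from_attenuation_m(attenuation: float) -> float:
    """Invert the path-loss model: the distance the receiver believes it sees."""
    return 10 ** ((attenuation - REFERENCE_LOSS_DB_AT_1M) / (10 * PATH_LOSS_EXPONENT))


def round_trip_time_s(distance_m: float) -> float:
    """Two-way time of flight for a ranging exchange over distance_m."""
    return 2 * distance_m / SPEED_OF_LIGHT_M_PER_S


def distance_from_tof_m(rtt_s: float) -> float:
    """Distance inferred from round-trip time; transmit power plays no role."""
    return SPEED_OF_LIGHT_M_PER_S * rtt_s / 2


def compare_estimates(true_distance_m: float, undeclared_gain_db: float) -> dict:
    """Both estimators' view of a sender at true_distance_m that adds
    undeclared_gain_db of amplification. Only the RSSI-based estimate moves."""
    rssi_estimate = distance_from_attenuation_m(attenuation_db(true_distance_m, undeclared_gain_db))
    tof_estimate = distance_from_tof_m(round_trip_time_s(true_distance_m))
    return {"true_m": true_distance_m, "rssi_based_m": rssi_estimate, "tof_based_m": tof_estimate}


if __name__ == "__main__":
    # Constructed sample: a sender 50 m away with 0, 20 and 30 dB of undeclared gain.
    for gain in (0.0, 20.0, 30.0):
        print(compare_estimates(50.0, gain))
```

With the exponent of 2 used here, every 20 dB of undeclared gain makes the signal-strength estimate ten times too short (50 m reads as 5 m), whereas the ToF estimate is unchanged.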

Conclusion

Even though an attack of this nature might not be that feasible or purposeful in the real world, I do not understand why Apple and Google have chosen to use signal strength as a metric instead of ToF. It seems like a relatively easy measure that would avoid a whole range of attacks with no downside.