Since the beginning of the COVID-19 pandemic, scientists and health authorities have relied on contact-tracing technologies to help manage the spread of the virus. Yet there’s a major flaw in a framework that many of these mobile apps utilize – one that attackers could exploit to ramp up false positive notifications.

Apps powered by the Google/Apple Exposure Notification framework (GAEN) are widely available in many countries and operate more efficiently in your phone’s background. TDAI Affiliate Faculty member Anish Arora and TDAI Core Faculty member Zhiqang Lin said they found that these apps are susceptible to geographically based replay attacks, which is when a third party captures a user’s broadcasted contact-tracing phone data from one area and exploits it by repeatedly transmitting it in another far-away location. Read the full story here.