The final report of the public security test can be found here:
CSIRT FOITT and GovCERT.ch have tested all components of the Swiss Proximity Tracing System for several weeks. A Risk Estimation and Recommendations can be found here:
The following appendix gives an overview of the vulnerabilities CSIRT FOITT and GovCERT.ch have found and passed to the project for fixing.
During the public security test, various testers mentioned that the risk of so called replay attacks exists and could pose a serious threat to the application. We would like to shed a bit light on these types of attacks in order to show the actual threat that may originate from this type of attack.
Since report [INR-4434] contains a bundle of topics, we have compiled them and assessed them separately. You can find our summary here:
Last modification 25.06.2020