Banner Banner

Quantifying the Risk of Wormhole Attacks on Bluetooth Contact Tracing

Stefan Czybik
Daniel Arp
Konrad Rieck

April 15, 2022

Digital contact tracing is a valuable tool for containing the spread of infectious diseases. During the COVID-19 pandemic, different systems have been developed that enable decentralized contact tracing on mobile devices. Several of the systems provide strong security and privacy guarantees. However, they also inherit weaknesses of the underlying wireless protocols. In particular, systems using Bluetooth LE beacons are vulnerable to so-called wormhole attacks, in which an attacker tunnels the beacons between different locations and creates false contacts between individuals. While this vulnerability has been widely discussed, the risk of successful attacks in practice is still largely unknown. In this paper, we quantitatively analyze the risk of wormhole attacks for the exposure notification system of Google and Apple, which builds on Bluetooth LE. To this end, we dissect and model the communication process of the system and identify factors contributing to the risk. Through a causal and empirical analysis, we find that the incidence and infectivity of the traced disease drive the risk of wormhole attacks, whereas technical aspects only play a minor role. Given the infectious delta variant of COVID-19, the risk of successful attacks thus increases and may pose a threat to digital contact tracing. As a remedy, we propose countermeasures that can be integrated into existing contact tracing systems and significantly reduce the success of wormhole attacks.