Automated contact tracing is a key solution to control the spread of airborne
transmittable diseases: it traces contacts among individuals in order to alert
people about their potential risk of being infected. The current SARS-CoV-2
pandemic has put a heavy strain on the healthcare systems of many countries.
Governments chose different approaches to face the spread of the virus, and
contact tracing apps were considered the most effective one. In particular, by
leveraging Bluetooth Low Energy (BLE) technology, mobile apps can achieve
privacy-preserving contact tracing of citizens. While researchers proposed
several contact tracing approaches, each government developed its own national
contact tracing app.
In this paper, we demonstrate that many popular contact tracing apps (e.g.,
the ones promoted by the Italian, French, and Swiss governments) are vulnerable
to relay attacks. Through such attacks, people might be misleadingly diagnosed
as positive to SARS-CoV-2, thus being forced into quarantine and eventually
leading to a breakdown of the healthcare system. To tackle this vulnerability,
we propose a novel and lightweight solution that prevents relay attacks while
providing the same privacy-preserving features as the current approaches. To
evaluate the feasibility of both the relay attack and our novel defence
mechanism, we developed a proof of concept against the Italian contact tracing
app (i.e., Immuni). The design of our defence allows it to be integrated into
any contact tracing app.