From 678d335559ebf1457addcf35d77ea8488d9ed8ba Mon Sep 17 00:00:00 2001 From: Maximilian Lenkeit Date: Thu, 1 Apr 2021 09:47:52 +0200 Subject: [PATCH] docs(evreg): align spelling to TeleTAN --- event_registration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/event_registration.md b/event_registration.md index 10d3a69..e9d741b 100644 --- a/event_registration.md +++ b/event_registration.md @@ -46,7 +46,7 @@ The proposed solution turns check-ins of the user into warnings and cannot verif An adversary can target specific venues by obtaining the respective QR code and pretending a check-in. If the adversary also obtains the authorization to submit the check-ins to the CWA Server, false warnings would be issued for these venues. -The difficulty of this attack is dominated by the difficulty of obtaining authorization to submit check-ins. This is currently only possible with a confirmed positive test for SARS-CoV-2 or by obtaining a Tele TAN from the hotline. While a confirmed positive test is difficult obtain without putting oneself at risk, a valid Tele TAN can be obtained for example by Social Engineering. +The difficulty of this attack is dominated by the difficulty of obtaining authorization to submit check-ins. This is currently only possible with a confirmed positive test for SARS-CoV-2 or by obtaining a TeleTAN from the hotline. While a confirmed positive test is difficult obtain without putting oneself at risk, a valid TeleTAN can be obtained for example by Social Engineering. To mitigate the risk, CWA only allows a certain number of check-ins per day. This prevents to scale such an attack by a single adversary across a multitude of venues.