Teardown Of The Singaporean COVID-19 TraceTogether Token

A large part of fighting against the SARS-CoV-2 pandemic is the practice of contact tracing, where the whereabouts of an infected person can be traced and anyone who has been in contact with that person over the past days tested for COVID-19. While smartphone apps have been a popular choice for this kind of tracing, they come with a range of limitations, which is what the TraceTogether hardware token seeks to circumvent. Now [Sean “Xobs” Cross] has taken a look at the hardware that will be inside the token once it launches.

The Simmel COVID-19 contact tracer.

Recently, [Sean] along with [Andrew “bunnie” Huang] and a few others were asked by GovTech Singapore to review their TraceTogether hardware token proposal. At its core it’s similar to the Simmel contact tracing solution – on which both are also working – with contacts stored locally in the device, Bluetooth communication, and a runtime of a few months or longer on the non-rechargeable batteries.

The tracing protocol used is BlueTrace, which is an open application protocol aimed at digital contact tracing. It was developed by the Singaporean government, initially for use with their TraceTogether mobile app.

This smartphone app showed a number of issues. First is that Apple does not allow for iOS apps to use Bluetooth in the background, requiring the app to be active in the foreground to be useful. Apple has its own tracing protocol, but it does not cover the requirements for building a full contact graph, as [Andrew] covers in more detail. Finally, the app in general is not useful to those who do not have a recent (compatible) smartphone, or who do not have a smartphone at all.

A lot of the challenges in developing these devices lie in making them low-power, while still having the Bluetooth transceiver active often enough to be useful, as well as having enough space to store interactions and the temporary tokens that are used in the tracing protocol. As Simmel and the TraceTogether tokens become available over the coming months, it will be interesting to see how well these predictions worked out.

65 thoughts on “Teardown Of The Singaporean COVID-19 TraceTogether Token

  1. Whatever problems the phone software might have, everyone has one. Nobody has this hardware. Even if given away for free, how would you convince people to carry this with them?

    1. > how would you convince people to carry this with them?

      By having a well-educated population that hasn’t been brainwashed out of the concept of social responsibility.

      1. The concepts of privacy and freedom of association are part of social responsibility. And even if this respected it, your statement is impotent and does about as much good as shaking your fist at the sky for raining on you. “Oh we should just have a population that always does the right thing, that’ll do it.” How do you propose that happens? You’re effectively just moaning about the people around you, being a misanthrope. That’s not socially responsible or empathetic, is it?

        Corona is a real and serious situation, but people like you have kind of crypto-politicized it and used it as nothing more than an armband showing which party is which, and that has doomed us. By making the response inherently critical, we’ve guaranteed that none of these schemes will ever be adopted by about half the population no matter what we do. And that means they will never work. Great.

        1. Are you saying the person moaning about his/her neighbors is the misanthrope or the people he/she is moaning about are the misanthropes?

          Logically, the people not caring about everyone around them should be be the misanthropic ones, but you seem to be pointing the finger in the wrong direction, thus my confusion.

      2. > By having a well-educated population that hasn’t been brainwashed out of the concept of social responsibility.

        I think that population would assert self-control anyway, and take the appropriate measures out of their own volition.

        The fact is that nobody has a well-educated population, although some have a better educated population than others. And the badly educated part of the population will simply ruin everything. So, either we live with the consequences, or we force that uneducated part to comply.

        The only solution is to educate everyone. Sadly, not every country takes that seriously. These days, you can probably judge the level of education of a country by how successful they are in keeping COVID19 under control. Because you can’t keep it under control if people have no clue of the consequences of what they are doing in their day to day life.

      3. It is quite easy. Stay at home if you do not want to wear one, and wear one like wearing a mask when you are out. For some this is common sense with no convincing. For those who do not want to follow then they have put their rights above others, and they shall have to face the law. Thing works a bit different in the East Asia Cultured country, vast majority accept responsibility and place group welfare above individual welfare. As for the other culture, they would have to figure a method that work for them. And if there is an example to see, maybe it is easier to sell.

      4. I can see a LOT of reasons why people wouldn’t want to carry around a tracking beacon. (I know it’s not actually the same as a tracking beacon on a technical level, but try explaining that to non-technically inclined).

        Widely publicized abuse from law enforcement officers/excess surveillance/current protests and what happened at them come to mind…

        1. We only have the illusion of privacy from tracking, or did you not see that huge discussion a few months back about the phone tracking datasets? At least this token is a tangible device that can be discarded or returned when the danger is over. It’s not implanted into your forehead.

        1. Or maybe a population that is educated, not an evil death cult, and recognizes that they can carry a token around for a couple months and then discard it and regain their privacy when the danger is over.

    2. On the contrary, this was developed precisely because not everyone owns a smartphone, particularly the most vulnerable populations in society (the poor, the elderly), Convincing people is certainly hard, but perhaps not as hard as you think in a society such as Singapore’s where there is a certain baseline level of trust in the government. Furthermore, the adoption rate of the TraceTogether app – over 2 million users in a population of over 5.5 million – is not to be sniffed at. This token also solves the battery-draining problem of the TraceTogether app, too – so I think we can expect adoption rates to be even better.

    3. Just as with masks – carrying this helps preserve jobs, (and opportunities to socialize, greater range of activities, etc.) It reduces the chance of having to close down whole cities/states/countries. (If it works.)

      Economists and public health psychologists can probably come up with more compelling ways to package that message.

      With chickenpox vaccine, pointing out the reduction in time off required for the parent(s) was found to be effective in messaging. (Parents were not as concerned about the health impact on their children, or the potential for future painful and sometimes debilitating shingles, but pointing out how much work time parents lost when caring for children sick with chickenpox made the case more persuasive.)

        1. Calling it “flu” is as accurate as calling tonsilitis “herpes.”

          When you have a sore throat, would you call in sick from work saying you have herpes? So why call coronavirus the flu?

          I’m also replying to the replies here, but wordpress doesn’t seem to allow replies to deeply nested comments :-)

    4. > Whatever problems the phone software might have, everyone has one.

      And that’s the basic problem. Everyone has one, every phone is registered to a name, nobody really knows all of the software that’s running on the phone, and some operating systems routinely send your location out.

      So, maybe it’s actually possible to make an app that is also 100% privacy secure. But the apps will have updates. And at some point, something will be slipped-in that breaks privacy. It’s just too good of a chance to just let slip, and not even try to get all that private information.

      There is no reason for anyone to register their name with this device. Just put up a box of these devices, and let people pick a random one up for free.

      Of course, there is still the possibility of putting a camera up, and scanning the device at the same time to match the image with a device. Through image recognition, you could then find out who the person is.

      But at least the people who want this information would have to set up an infrastructure and have access to a database of faces and name/addresses. You would either have to be the local security services, or a supervillain, to do such a thing. Costs a lot of money, and that info is probably not worth it, except possibly for secret services.

      Anyway. This device is a tracking device, so can be used for anything that needs tracking. Just like your phone.

      1. No, you still need some way to associate the tags with their holders, or it’s not even usable for it’s stated purpose. The trick is ensuring that only the health services who are doing the tracing can get your contact details, and only when they’re tracing an active set of infections.

        A physical tag has the benefit of doing this while giving you the option of not taking it with you temporarily or destroying it and it’s stored data if you decide you don’t want anyone finding out who you have been associating with.

        And there’s no other transmitter hardware than bluetooth, so if the authorities can’t track you physically with it without conspicuously deploying a LOT of receiver hardware everywhere and tipping everyone off.

        1. The German tracing program works differently.

          You install the program on your phone, and it generates a unique ID. It broadcasts the ID all the time over Bluetooth.

          The program also listens all the time for other broadcasts, and remembers the IDs and the time it “heard” them.

          The program periodically asks (or maybe gets by push) a list of known ID from people with COVID.

          If your phone says you’ve been near an infected person, you get a warning that you might be infected. You can then go get tested (if you want) or just ignore the warning.

          Only the IDs are published – there is no central list matching people to IDs.

          If you test positive, the ID is published to the list, and everyone who was in your vicinity gets warned – without anyone ever knowing who infected who.

          Pretty decent privacy.

          Do a search for “Corona Warn App” and “Germany” – I found that posting links here causes the posts to be delayed by hours.

          —–

          That’s not to say that there’s no way to match a person to an ID, but you would have to collect IDs and match them to people locally. That is, something with Bluetooth to catch the ID and something else to identify the person (or phone) and connect the two IDs together.

    5. I agree – on top, even if we want to purchase it, it needs to be manufactured in billions; while billions of smartphones are already out there.
      I see it more as a backup solution, like for kids, elderly, etc. but in this case it will become difficult for them to use.

    6. Another way to help convince people to carry this – make the hardware and software readily available for public inspection (i.e., open).
      Many people might not care, but it would help gain trust of the techies (like us).
      It would also facilitate review by organizations like ACLU, EFF, etc.
      Which in turn would help build trust.

    7. I bought the phone I’ve got because of need… my previous one had a premature death. That was 5 years ago.

      I’ve seen others buy newer phones… and when in weak signal conditions, mine has outperformed theirs time and time again. I also see people reaching for the power cable after a few hours away from power, whereas mine seems to continue to run for days on a single charge.

      I stick by my phone because it does 100% of what I need it to do, does so without fuss, and works. Newer ones, from what I’ve seen… don’t work. Or at least, don’t work anywhere near as well.

      I don’t care for your 5Gbps download score from SpeedTest — I want something that will make/receive telephone calls (you know, voice traffic), the occasional text message, and serve as a moderate-speed (1~10Mbps) Internet link. The device I have does this just fine.

      Being 5 years old, it has Bluetooth 3.0. Bluetooth Low Energy is a Bluetooth 4.0 feature. The software also requires Android 6.0, and I’m stuck at Android 4.1. So it can’t run the BlueTrace protocol. Not ever.

      So yes, I have a phone, but the phone is useless for this task. By all accounts, having “the software” is only slightly better than useless.

      I know plenty who do not have a mobile phone — so your assertion “everyone has one” is patently false.

      I’ve considered making a device such as the one being torn down here, I was considering whether a ESP32 could be coded up with appropriate firmware to do it. Then the ESP32 could be re-purposed once a vaccine was out and COVID-19 was a non-issue.

      If I could buy any phone in the world, I’d be looking at the Kite (and yes, I have personally used one), since it’s open and hackable, so things that improve reliability like better antennas and larger batteries are easily doable.

      I don’t care to “upgrade” to a phone with poorer battery life and RF performance just because of your technical elitism.

    1. Citation needed for the contact tracing. The masks are proven, but people are making a leap for this one because “it sounds reasonable!”

      There’s plenty of situations where it has been implemented badly and only resulted in people’s personal lives getting aired out and ruining them without significantly lowering the spread of the virus. You people are too eager and not critical enough. Now all we do is label people conservative chuds if they’re against any part of the corona precautions whatsoever, or else they’re dumb libs if they’re for it. It’s like supporting the Iraq war in a way. All these “believe science” people don’t really mean science—they mean whatever gets trotted out, regardless of what it is or what dubious place it came from. That’s just gullibility.

      I definitely believe the disease is real and that countermeasures are needed, but we are fooling ourselves if we think all these totally unprecedented, untested, barely-studied mechanisms are scientific and rational! Who told us that a years-long global shutdown was a workable idea? A guy who studies the spread of viruses. Is that enough credentials? Of course it isn’t! That kind of enormous undertaking spans so many more disciplines other than epidemiology. Was it predictably very idealistic to expect a quarantine could last that long throughout the entire modern world? Yes it was! This was doomed from the start and anybody who thought about it critically could see that. All of these are opportunistic power grabs and half-assed attempts to avoid official accountability and blame, that’s it. None of it was meant to work.

      1. Test and trace has been proven to work, see corona stats for the Faroe Islands.
        Though that tracing done by people knowing whom they came in contact with and a high testing rate.

        Of course any tracking is a breach of privacy the question if a society accepts a breach of privacy in order to increase security.
        If you accept there are cameras in the banks and stores you frequent, then it should be obvious your hard line on privacy isn’t all that hard.

        With a coin cell hardware solution at least you know it’s time limited, compared to the government setting up cameras and or WiFi/Bluetooth sniffers, and or requiring cell tower data.

        1. In Belgium, the ministry of health has given the ‘anonymized’ cell phone data to some company for big data analysis

          https://www.levif.be/actualite/belgique/vos-donnees-gsm-peuvent-elles-aider-dans-la-lutte-contre-le-coronavirus/article-normal-1275387.html

          ‘Anonymization’ is a work around of GDPR, normally they should have asked people about the usage of their traces. And Anonymization can be defeated if correlated with other datasets.

          Since then, my cell phone is off, I removed the SIM and the battery.

          1. Doesn’t surprise me, I expect it to generate a load of junk data that has to be followed up manually, like 5 contacts for every intersection you pass through while driving, another 6 people waiting the other side of glass in the deli you walked by, the whole family in the flat above the corner store. So manual reporting, just the counterperson and custormers in corner store to check, technology “assisted” them and 30 irrelevant people.

      2. Contact tracing has been a routine practice in public health for many decades.

        Citations:

        Contact Tracing Is Harder Than It Sounds
        By Kate Murphy
        New York Times, May 5 2020

        Can Coronavirus Contact Tracing Survive Reopening?
        By Benjamin Wallace-Wells
        New Yorker, June 12, 2020

        Contact tracing is all about gaining people’s trust.

        A lot of people are very casual about trust – they will download all sorts of apps,
        they will use a credit card most anyplace (a great way of tracking somebody),
        they will carry a cell phone.

        How useful will devices like this be – untill we have some experience we can’t know for sure.
        They seem promising.
        Once we have some evidence from people using them, that will inform how useful they are.

        “Believe science” is not a helpful attitude, and saying that people who advocate for science are advocating belief in it is not helpful either.
        Science tells us what will work, whether we believe in it, or not.

        I was not saying that contact tracing apps had the same level of evidence of effectiveness as masks. Just that the same sort of pitch that is likely to work for masks is also likely to work for such apps.

        Gives people more freedom, gives them more chance to work/play/etc. while still helping to protect themselves and those around them, and reducing the need for large scale measures like lockdowns.

  2. Yeah, go jump in a burning building. There is no way to do this which respects privacy. I’ve seen all the little explanations and I understand them just fine, but you people aren’t used to thinking from an adversarial viewpoint AT ALL. You have no malicious imagination whatsoever. Cross-reference any of this data in the right way with plenty of readily-available and easily-acquired data sets on the public and it could all be deanonymized.

    And this further normalizes not only constant surveillance, but the erosion of our freedom of association. Whatever little scrap of that is left. And for all that, the evidence is really quite scant for contact tracing’s effectiveness versus other methods. THIS IS A 9/11-STYLE SURVEILLANCE GRAB. It’s opportunism. Don’t help these people! Don’t feel like you’re the most clever engineer in the universe and you can get it right! You will not. You don’t understand the basic motivation for these schemes. You aren’t clever and you aren’t a savior. You’re just somebody who tinkers with circuits and mediocre code. You should all be advocating for this stuff to be shunned and annihilated, not building it yourselves because you have the hubris of thinking you can do it in a privacy-respecting way. I don’t wanna hear about your brilliant cryptography scheme. It will be broken. PERIOD.

    1. I mostly agree with you here. Bunnie mentions in his blog the notion that if the government behaves poorly people can simply stop carrying these things, thus ensuring that the government behaves properly because they have a vested interest in their citizens’ health or at least the money spent on the fobs(?). This is especially valid when considering a key fob, and less so when considering an app since no one wants to throw away their expensive phones they paid good money for, but people wouldn’t mind throwing away free key fobs. However, as you allude to, once the cat is out of the bag, the damage is done. The pixies don’t go back into the box. A fob is better than an app, but both still present problems. Privacy is too quickly given away in today’s world, but who’s that a problem for? Really only for the people who know its sweet taste. If you’ve never experienced it, you don’t know what you’re giving up. People born after the common use of the internet don’t have the same expectations, and they’re the ones who are going to be hanging around when we’re all gone, so … who’s to say what should be done? Probably some experts on pandemics I guess.

    2. > There is no way to do this which respects privacy.

      Not entirely true. Because it’s not the system who’se task it is to respect privacy. It’s the people who operate the system, who have to respect privacy. And that is very much possible. I agree that it’s unlikely for them to do it, but it’s quite possible for them to respect privacy.

    3. I agree with this. Hell, earlier this year a man was wrongly arrested and imprisoned for 10 days because his Android phone’s location services (after LEOs forced Google to hand over the IDs of whoever was in that area) pinged him at the scene of a crime he happened to be walking past. That’s dystopian AF. Explain how the hell you could convince any Americans to carry around a tracking token. Especially with the protests and attention towards law enforcement abuse going on now. It’s a absolute non-starter, for good reason.

    4. “You should all be advocating for this stuff to be shunned and annihilated, not building it yourselves…” More accurately you should be devising countermeasures to deploy IF this sort of thing becoems mandatory and IF the imagined abuses start to come true.

  3. Yeah… nothing like tracking your subject’s every move to ensure complete obedience to the ruling party. Never seen anything like that before. It can’t possibly have negative consequences.

    1. Just because the protocol allows for a transmit strength range ,doesn’t mean that every device needs to be able to hit both endstops… Bog-standard BT4.0 had ample range for this, and that’s without going above 0dBm. A CR2032 would last a year or so for this sort of thing on the chips available ~10 years ago.

      1. @Alphatek: The thing Cyk is talking about is “+127dBm.”

        110dBm is 100 million watts.

        127 dBm is ‭5011872336 watts – that’s 5 gigawatts.

        Out of a CR2477 battery. Nope. Ain’t happening. Ever.

        Somebody misspoke or mis-typed a number.

  4. Tattoo the letter C on the foreheads of people that test positive with an ink that lasts 14 days. I agree voluntary testing and tracing will never work. Especially considering some nations have populations in the billions and many living hand to mouth.

        1. Seriously. If you’re going to mark people, don’t tatoo them. That’s cruel.

          “Permanent ink” isn’t permanent. Your skin sheds, and the permanent ink goes away after a few weeks or months.

          Magic markers and other supposedly permanent inks dye the surface you write on. Since your skin renew itself, the ink fades. After a while, the mark is gone. No scars.

          I wasn’t really agreeing with the need to mark people who test positive, just disagreeing with the supposedly “temporary” marking suggested.

  5. Could custom hardware also use infrared beacons to identify being in a shared airspace such as a pub, auditorium, or on public transport? Infrared doesn’t transmit through glass and walls to the same extent as Bluetooth. This would avoid the privacy intrusion of pubs and restaurants recording contact details of their customers to facilitate contact tracing.

  6. Talk about over reaction. This is a ‘state’ dream come true to track everybody…. And a segment of population onboard with it. It just doesn’t make sense…. And all over a media induced pandemic. Can’t believe we are even discussing this concept.

  7. So…
    Does this device actively download its contents (other devices it was in range with over the past x days, time and date of that contact?) upon a transmitted request, or does it have to be put into a device reader?
    Can the user plug it into the USB port of a computer and have that days contacts sent to a central location, and receive any
    notification if a “positive” contact has been made?
    In making its contacts, does it collect/transmit anything more than an ID number?
    Does it have GPS (the contact occurred at this location as well as time/date)?
    Is it attaching to cellular towers?
    Is it recording the least necessary amount of data, or is it recording every movement?

    As Singapore is a quasi-democracy/dictatorship, how much privacy have its residents already surrendered to its government?

    1. GPS, cellular – No (see teardown, and other publicity – precluded by power budget as well as the lack of devices).
      Least necessary data – tiny data storage, storing more than minimum would compromise function.
      USB port – No (does not have a connector).

      Connection to download data – not known – appears to either be bluetooth, or by a non-standard cable.
      (All this from reading the articles.)

  8. Ladies and Gentlemen, here you have in small the COVID problem that is happening world wide. Some people think that this is the worst health emergency in the last 100 years, and accept that they must sacrifice for the good of all; others see the government infringing on their rights, trying to exert its power. Both are correct, however you must consider two things. In most places the government is chosen by the people, and therefor can only push so far before they loose public favor and a new government is chosen. Also we are a global community. Sometimes you need to give a little for the good of others.

  9. Also of interest:

    Roland Turner
    TraceTogether Token Teardown Time!

    * There may be a hackathon/opportunity to develop open software for the device.

    I think his commentary on security are interesting.
    (Cost of delay to develop something better, etc.)

    Wearable TraceTogether Token: 57% Willing To Wear It. You Leh?
    Janelle Yong

    Suggests that enough people are willing to wear such a device to make it useful.
    Unfortunately younger people in this sample may be less willing, but (in other countries/examples) younger people (those in 20’s, e.g.) are more likely to take risks, and more likely to be in situations where they are exposed to virus.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.