- A remote crash exploit on COVIDSafe 2.0 (Android).
- CVE-2020-14292. Identity address leakage through bluetooth transport.
- CVE-2020-12856. A silent pairing issue affecting the Android version of COVIDSafe app v1.17 and earlier versions. Joint work with Jim Mussared.
- RPI linkage vulnerability in Google's implementation of EN. Joint work with Zak Brighton-Knight and Jim Mussared.
- Out-of-sync RPI rotation. Joint work with Zak Brighton-Knight.