HackDig : Dig high-quality web security articles for hackers

Proposed government Coronavirus contact tracing app leaked data

2020-04-20 08:55

A contact tracking app for the Coronavirus proposed to the government of the Netherlands is affected by security issues that could expose user data.

Technologies play a crucial role in the containment of the Coronavirus outbreak, especially contact tracing applications that could pose a threat to user privacy. The app, called Covid19 Alert, was one of seven applications presented to the Ministry of Health, Welfare, and Sport.

“A data breach was found in the corona app Covid19 Alert. The app is one of the seven possible corona apps for the Netherlands and was presented this weekend to the Ministry of Health, Welfare and Sport.” reported the RTL Nieuws website.

The Covid19 Alert mobile application was found leaking user data, experts found the issue after its code was published online during the weekend to allow the experts to analyze it.

The source files included a database from another application that was part of a project of the software house Immotef. This database contains data from Dutch users of that app. According to experts, the error is really gross, they marveled at how this app was submitted to the authorities for their scrutiny.

“This is just very amateurish,” an expert who wants to remain anonymous told to the newspaper. He, along with other experts, is analyzing the source code of the proposed contact tracing apps. “There is so much wrong with this app, I don’t understand that it got through the selection.”

The app was found containing close to 200 users’ records, including full names, email addresses, and hashed user passwords. 

The data breach is the result of an error, this is what a spokesman from the company behind the Covid19 alert app claims, meantime the incident was reported to the Dutch Data Protection Authority and the ministry.

“We released the code as soon as possible,” said a spokesperson for Covid 19 Alert. “In that process, we accidentally put this data online.” 

The development team is working to fix the security and privacy issue and announced that it will go on with the selection process.

Experts also made other reflections on the use of the blockchain of the corona app, that leverages the blockchain of Digibyte, a cryptocurrency that has value just like Bitcoin. 

Google and Apple recently announced a joint project for the development of a Coronavirus ‘contact tracing’ tool for mobile devices.

Contact tracing technologies played an essential role in the containment of the pandemic in several countries, including South Korea, Singapore, Israel, and other nations.

Google and Apple have joined forces to develop a contract-tracing tool to face COVID19 pandemic, the IT giants are expected to release an API that could allow government agencies can integrate into their applications.

The companies plan to design a built-in system-level platform that uses Bluetooth low energy (BLE) beacons to implement an “opt in system” contact tracing technology.

Pierluigi Paganini

(SecurityAffairs – Contact tracing app, mobile app)

[adrotate banner=”13″]

The post Proposed government Coronavirus contact tracing app leaked data appeared first on Security Affairs.


Source: mth.kael-atad-ppa-gnicart-tcatnoc-surivanoroc/di-latigid/419101/sserpdrow/oc.sriaffaytiruces

“Proposed government Coronavirus contact tracing app leaked data”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools

Tag Cloud