UK’s contact-tracing app found 7 security flaws after security testing
The UK is developing a contact-tracing app for tracking of ‘positive’ Coronavirus patients around the world. The UK had planned to work with Google and Apple for this project so that it would cover maximum people, but now has left them and developed the app individually. The reason behind Google and Apple being left out was because they wanted their API model to be ‘Decentralized’ meaning all the data processed would stay local to the users’ device.
The UK decided to build a ‘Centralized’API model meaning that the data would stay into a central server as it will be easier to analyze the data stored.
The UK had also arranged a team of cybersecurity experts to test the security of the contact-tracing app. According to the Business Insider Blog post, two cybersecurity experts namely Dr. Chris Culnane and Vanessa Teague had published a report on Tuesday that the app resides 7 security flaws.
The contact-tracing app once downloaded generates a unique ID that changes every day, after this, it sends Bluetooth signals to other smartphones with the app and receives the data in a log and sends a notification about that. The notifications show the details about that user which stored for 2 weeks.
One of the 7 flaws detected by the experts is that it allows hackers to intercept notifications and either block them or send out bogus ones telling people they’ve come into contact with someone carrying COVID-19.
The experts also detected that unencrypted data stored on users’ handsets could feasibly be accessed by law enforcement. Although the UK government has insisted the data would be used for nothing other than its COVID-19 response, a group of 177 cybersecurity experts has already called on it to introduce safeguards protecting the data from being repurposed for surveillance.
According to the report, UK said once all the flaws will be fixed and the app will be ready to go then only the app will be officially available. The Unique ID generated by the app is the main flaw that allows hackers to come in, Moreover Google and Apple had the same process but the IDs would change every 10-20 minutes so that it becomes difficult for hackers to enter.
What are your views regarding the UK’s contact-tracing app? do mention in the comment section below.