DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

New tool reveals security and privacy issues with contact tracing apps

Posted on February 27, 2021 by Dissent

COVIDGuardian, the first automated security and privacy assessment tool, tests contact tracing apps for potential threats such as malware, embedded trackers and private information leakage.

Using the COVIDGuardian tool, cybersecurity experts assessed 40 Covid-19 contact tracing apps that have been employed worldwide for potential privacy and security threats. Their findings include that:

  • 72.5 per cent of the apps use at least one insecure cryptographic algorithm.
  • Three quarters of apps contained at least one tracker that reports information to third parties such as Facebook Analytics or Google Firebase.
  • Whilst most apps were free of malware, the Kyrgyzstan app Stop COVID-19 KG was discovered to have malware.

Following their analysis, the researchers released the results to vendors. Further testing later found that privacy and security weaknesses on four apps had been fixed, and one vulnerable app was found to no longer be available.

Dr Gareth Tyson, Senior Lecturer at Queen Mary University of London, said: “With the pandemic there was a rapid need for contact tracing apps to support efforts to control the spread of Covid-19. Unsurprisingly we found that this had resulted in some relatively mainstream security bugs being introduced worldwide. Some of the most common risks relate to the use of out-of-date cryptographic algorithms and the storage of sensitive information in plain text formats that could be read by potential attackers.”

“Our work is helping developers to address these problems. Through COVIDGuardian we’ve produced a tool that can be used by developers to discover and fix potential weaknesses in their apps and share guidelines that will help to ensure user privacy and security is maintained.”

User concerns

To support this work the researchers also performed a survey involving over 370 individuals to understand the likelihood that they would use a contact tracing app and highlight concerns around their use. The results suggested that the privacy and accuracy of contact tracing apps had the biggest impact on whether individuals would use the app.

As part of the survey, volunteers were also asked about their preferences with regards to decentralised and centralised apps.“Security and privacy concerns have been a big issue affecting the uptake of these apps. We were surprised that the debate around decentralised vs centralised apps didn’t seem so important and, instead, users were more focused on the exact details of what private information is collected. This should encourage developers to offer stronger privacy guarantees for their apps,” added Dr Tyson.

More information

  • Research publication: ‘An Empirical Assessment of Global COVID-19 Contact Tracing Applications’ Ruoxi Sun, Wei Wang, Minhui Xue, Gareth Tyson, Seyit Camtepez, Damith C. Ranasinghe.
  • The paper will be presented at the International Conference on Software Engineering on May 23-29 2021. A copy of the paper is available at: https://arxiv.org/abs/2006.10933.

Source: Queen Mary University of London

Related Posts:

  • Security flaw in Qatar's COVID-19 contact-tracing…
  • World Cup apps pose a data security and privacy nightmare
  • Researcher claims Pakistan Government’s #Covid19…
  • Sneaky Ways Wellness Apps Invade Your Privacy
  • NHS Health Apps Library closing amid questions about…

Post navigation

← Members of Identity Theft Ring Plead Guilty to Fraud Targeting Virginia ABC Stores
At House SolarWinds hearing, bipartisan lawmakers announce breach disclosure bill →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • Proliance Surgeons notifying 437,392 patients after ransomware attack earlier this year
  • After $50 Million Breach, KyberSwap Faces Hacker’s Shocking Demands
  • Hendersonville city employees target of cybersecurity breach
  • Ukrainian gets 8-year sentence for running marketplace for Americans’ data
  • Some city data was stolen during cyber breach; full scope remains unknown, Long Beach says
  • More than 1 million Michiganders affected by Welltok cyberattack
  • Line operator says 440,000 personal records leaked in data breach
  • Ransomware group ‘Black Basta’ has raked in more than $100 million -researchers

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net