It turned out that there was a flaw in the new coronavirus contact tracking application that exposed the data of 1 million people to the outflow risk

While the new coronavirus is rampant all over the world, some countries have developed an 'app that tracks people infected with the new coronavirus' using location information of smartphones. In Qatar, which is located in the eastern part of the Arabian Peninsula, an application called ' Ehteraz ' is used to track new coronavirus infected people, but there is a security flaw in this application and there is a risk of leakage of about 1 million user data Were reportedly exposed to.

Qatar: Contact tracing app security flaw exposed sensitive personal details of more than one million | Amnesty International

Qatar's contact tracing app put over one million people's info at risk | Engadget

Qatar makes COVID-19 app mandatory, experts question efficiency | Qatar News | Al Jazeera

Qatar tracing app flaw exposed 1 mn users' data: Amnesty

Early identification of people who are in contact with people infected with the new coronavirus and measures to prevent further spread can help control the new coronavirus infection. As a result, new coronavirus tracking apps are being developed in some countries, and the government is asking the public to install them.

In Qatar, which has a population of 2.75 million people, 1.7% of the total population at the time of writing was over 47,000 people infected with the new coronavirus, resulting in 28 deaths. Therefore, the government of Qatar has obliged the public to install an application called 'Ehteraz' on smartphones from the end of May 2020. It is said that if you go out without installing the application, you may be fined up to $ 55,000 (about 5.9 million yen) or imprisoned for 3 years, but an application that uses GPS and Bluetooth Were pointed out to have privacy concerns.

In response to this point, the Qatar government said that user data is safe and cannot be accessed by anyone other than medical personnel, no data can be accessed by law enforcement agencies, etc., and the collected data will be discarded for two months. Insists. `` We have made sure that the user data for the Ehteraz app is completely confidential and only accessible to relevant professional teams when needed, '' said Dr. Mohamed bin Hamad Al Thani, Director of Public Health, Qatar. I am.

However, according to a statement released by human rights group

Amnesty International on May 26, Ehteraz had a security flaw. If a malicious hacker uses this flaw to launch an attack, there was a risk that data such as the name, national ID, health status, location information of more than 1 million users who installed the application would leak out. ..

Ehteraz has a mechanism to upload the collected user data to a central database and store it, but it seems that this central database had a security problem. Amnesty International, who discovered a security flaw on May 21, immediately notified Qatar authorities. The authorities reportedly started to fix the problem, and the fix was completed on May 22, the following day, and the app was comprehensively updated on the 24th.

`` While Qatar's authorities have responded quickly to this problem, Qatar's contact tracking app is a large, easy-to-use malicious attacker, '' said Claudio Guarnieri, Head of Security Labs at Amnesty International. There were security weaknesses and fundamental flaws. ' Guarnieri believes that the event should be a warning to governments around the world rushing to release contact tracking apps that are poorly designed and privacy protected.

Many countries are considering using technology to prevent the spread of the new coronavirus, with more than 45 countries developing or planning new coronavirus tracking apps at the time of writing, according to Amnesty International. That. 'For technology to play an effective role in virus tracking, people need to be confident that contact apps protect their privacy and human rights,' Guarnieri said.

in Mobile,   Software,   Security, Posted by log1h_ik