The official smartphone app that everyone participating in the World Cup is obliged to install is 'like handing over the keys to the house to the Qatari authorities,' security experts warn



At the 2022 FIFA World Cup, which is scheduled to be held in Qatar for about a month from November 20 to December 18, 2022, everyone heading to the site is obliged to install two apps, 'Ehteraz' and 'Hayya', on their smartphones. Installing these apps is like handing over your house keys to the Qatari authorities, security experts warn.

Everyone going to the World Cup must have this app - experts are now sounding the alarm – NRK Sport – Sportsnyheter, resultater og sendeplan
https://www.nrk.no/sport/everyone-going-to-the-world-cup-must-have-this-app---experts-are-now-sounding-the-alarm-1.16139267

'Ehteraz' is a contact tracing app for the new coronavirus infection (COVID-19), and 'Hayya' is the official World Cup app, which lets people who have tickets for a game use the Qatar subway for free. The two apps were analyzed and investigated by Oyvin Vasarsen, security officer at NRK, the Norwegian public television and radio broadcaster, and by the IT security companies Bouvet and Mnemonic.

The investigation revealed that Ehteraz, which anyone over the age of 18 traveling to Qatar during the World Cup is required to install, requests a number of permissions on the smartphone it is installed on. With the requested permissions, the app can read and delete all content on the smartphone, change all content on the device, access Wi-Fi and Bluetooth, overwrite other apps, and prevent the device from going to sleep.



Hayya doesn't ask for as many permissions as Ehteraz, but it is still installed with almost no restrictions. It can also prevent the device from going to sleep and view the phone's network connections.



Vasarsen, who examined the two apps for NRK staff heading to cover the 2022 FIFA World Cup, said, 'If you install the two apps, you are deemed to have agreed to the terms stated in the contract. The terms are very permissive, basically agreeing to hand over all the information on the smartphone, and giving the people who control the app the power to retrieve and change the information. Also, with this power, it will be possible to obtain information from other apps.'

Mr. Vasarsen therefore questioned the specifications of Hayya and Ehteraz, saying, 'This is like a promise to the Qatari authorities that you have no problem entering the house. The Qatari authorities have the key to enter your house. And you don't know what the authorities are doing there. No, but you have to pass that chance. Is that possible?'

Ehteraz, the COVID-19 contact tracing app, has been particularly criticized. It apparently requires more permissions than Smittestopp, the contact tracing app released by the Norwegian government. Vasarsen therefore points out that if the public health authorities who operate Ehteraz are even slightly malicious, 'By using a lot of the information that the app collects, it will be possible to do a wide variety of bad things.'

Bouvet's Martin Gravark said that Ehteraz's ability to track a user's location and see who they've met and talked to 'is a great way to hunt dissidents, gays, and other people you don't like. An app like this helps a lot.'



According to Mnemonic's analysis, Ehteraz processes data specifically about GPS and location information, so it is likely to be abused. At the time of writing, there were no signs that Ehteraz would change the data stored locally on the smartphone. However, Mnemonic warns, 'It's possible that such a feature just hasn't been implemented yet.'

Naomi Lynphet, a research fellow at the University of Oslo Faculty of Law, also reviewed Ehteraz and Hayya at NRK's request, saying, 'You can't just agree to some of the access rights; you have to agree to all of them at once. If my understanding of the app is correct, there is no option to change permissions, so if you want to go to the World Cup, you have no choice but to use it. This is a forced app with no choice.' Furthermore, Lynphet says, 'If you are an employer, you are prohibited from bringing your work smartphone to Qatar.'

In addition, NRK has submitted a report summarizing the security vulnerabilities in Ehteraz and Hayya to the World Cup organizer, the International Federation of Association Football (FIFA), but at the time of writing FIFA has declined to comment on the matter.

in Software, Security. Posted by logu_ii