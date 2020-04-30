Security Implications Of Covid-19 Contact-tracing Mobile Apps – Experts Commentary

According to reports, the UK government’s Covid-19 contact-tracing app remains on schedule for launch in May despite ongoing privacy concerns and only recently passing through alpha testing, leading UK scientists told MPs.

EXPERTS COMMENTS
David Emm, Principal Security Researcher ,  Kaspersky
April 30, 2020
Privacy concerns are critical to an app’s success and in this instance, the data should be handled in a balanced way.
New forms of technology, such as the NHS contact tracking app, are currently being implemented in order to help manage the country’s response to the pandemic and to help save lives. With the prospect of the government using the app to collect sensitive health data about the population on a mass scale, it’s of vital importance that this information is managed correctly, and is properly secured ....
Samantha Isabelle Beaumont, senior security consultant at Synopsys, Senior Security Consultant ,  Synopsys
April 30, 2020
There also needs to be a mechanism in place to ensure the validity and integrity of that data.
Tracing applications that allow attackers to access a user’s Bluetooth also allows them to fully read all Bluetooth communications. This includes items in the user’s car, music they listen to, household IoT devices, and more. Users can protect themselves by limiting the number of applications they download, by limiting the number of Bluetooth items they pair, by limiting the number of Bluetoot ....
Joshua Berry, Associate Principal Security Consultant ,  Synopsys
April 30, 2020
The larger concern that I have regarding the use of such applications is with regard to privacy.
Contact tracing applications use Bluetooth Low Energy (BLE) advertisements to send and collect messages to identify contacts made with other users. In general, the reception of messages can present an opportunity for an attacker to send malformed data that could be mishandled by devices and applications. This is one way that a device could be compromised. However, in the case of a contact tracking ....
