This site is intended for UK healthcare professionals
Medscape UK Univadis Logo
Medscape UK Univadis Logo
News

New tool reveals security and privacy issues with contact tracing apps

As an exception during this period of health crisis, some of the publications mentioned are at the time of writing still in pre-publication, undergoing peer review and subject to change. The results of this pre-print study should be interpreted with utmost caution.

Researchers from Queen Mary University of London have developed a tool to identify security and privacy risks associated with COVID-19 contact tracing apps.

COVIDGuardian, the first automated security and privacy assessment tool, tests contact tracing apps for potential threats such as malware, embedded trackers and private information leakage.

Using the COVIDGuardian tool, cybersecurity experts assessed 40 COVID-19 contact tracing apps that have been employed worldwide for potential privacy and security threats. They found that 72.5 per cent of the apps use at least one insecure cryptographic algorithm.

Three quarters of apps contained at least one tracker that reports information to third parties such as Facebook Analytics or Google Firebase. One was discovered to have malware.

Following their analysis, the researchers released the results to vendors. Further testing later found that privacy and security weaknesses on four apps had been fixed, and one vulnerable app was no longer available.

Dr Gareth Tyson, Senior Lecturer at Queen Mary University of London, said: "With the pandemic there was a rapid need for contact tracing apps to support efforts to control the spread of Covid-19. Unsurprisingly we found that this had resulted in some relatively mainstream security bugs being introduced worldwide. Some of the most common risks relate to the use of out-of-date cryptographic algorithms and the storage of sensitive information in plain text formats that could be read by potential attackers."

"Our work is helping developers to address these problems. Through COVIDGuardian we've produced a tool that can be used by developers to discover and fix potential weaknesses in their apps and share guidelines that will help to ensure user privacy and security is maintained," he said.


References


YOU MAY ALSO LIKE