Coronavirus has become a pandemic and a public health emergency all over the world. The virus has proved deadly, and many lives have been lost so far. It also spreads extremely quickly, which is why health authorities in different countries have developed contact tracing apps.
Most of these contact tracing apps, however, have turned out to have either privacy issues or security issues. A report now suggests that Australia’s contact tracing app, COVIDSafe, also had a major security issue.
It is also alleged that the authorities knew about the vulnerability in the app but went ahead and made the app live anyway. Researchers say that an Android vulnerability in COVIDSafe allowed any untrusted device that happened to be in range to connect over Bluetooth. This is a serious flaw: anyone can connect to the device and steal important information from it without the owner even knowing about it.
The research findings state: “This vulnerability allows an attacker to bond silently with an Android phone running a vulnerable version of the app. The bonding process involves exchanges of permanent identifiers of the victim phone: The identity address of the Bluetooth device in the phone and a cryptographic key called Identity Resolving Key (IRK). Either one of these identifiers can be used for long term tracking of the phone.”
The fact that this issue was known is a serious cause for concern, and it raises the question of why it was not fixed sooner. Researchers also say that they notified the authorities about this issue 21 days back, and the fix has only just been rolled out.