Hong Kong on Covid Tracing App: Security Flaws? What Security Flaws?

New analysis claims that Hong Kong’s covid-19 contact tracing app has a number of safety issues that might expose delicate person information. The metropolis’s response: We don’t know what you guys are speaking about.

The Hong Kong authorities launched the LeaveHomeSafe app in November of 2020 to assist observe and fight the pandemic. Available for iOS and Android, the app collects info on a person’s location as they journey across the metropolis, culling the info from barcode scans at native eating places. That may appear fairly innocuous, however given the political turmoil within the metropolis over the previous a number of years, Hong Kong residents aren’t essentially the most trusting today. The app shortly turned a topic of controversy, when native residents began expressing concerns that the app would possibly really be a device of presidency surveillance.

In May, the crowdfunded journalism non-profit FactWire reverse engineered the app and found evidence of a facial detection module contained in the code. However, it couldn’t be decided whether or not the module was really getting used or not.

Now, totally different researchers say that the app has much more issues: specifically, a number of safety points that could “allow hackers to access ID numbers, visit records or vaccination and testing information” below the correct circumstances.

The analysis in query was produced by 7ASecurity, a cybersecurity agency based mostly in Poland. In a lately revealed report, the researchers wrote that whereas they might not “conclusively prove malicious intent or unauthorized tracking of Hong Kong citizens,” the app has critical safety flaws that might end result within the leak or theft of person information.

In a statement revealed to its web site on Thursday, the Hong Kong authorities mentioned that there “has never been any security or privacy-related incidents” in reference to the apps. The authorities additional famous that it “regrets and firmly opposes the inaccurate reports and unfair allegations” made within the report.

Covid monitoring has dire penalties in China. At least 1,000,000 folks have been below strict lockdown in Wuhan as of Wednesday after three instances have been detected there. Enormous factories run by the likes of Foxconn and Huawei have saved staff on web site for twenty-four hours a day to stop publicity and maintain the amenities operating. Shanghai has locked down tens of thousands and thousands of individuals a number of instances over the previous six months.

For their half, the researchers appear to be fairly sure of their findings. “The goal of this engagement was to have an independent third party verify whether the official LeaveHomeSafe privacy and security claims, prominently presented on the app homepage, are accurate,” they write. The report goes on:

…[we] managed to identify a complete of 12 findings, 8 of which have been labeled as safety vulnerabilities and 4 as common weaknesses with decrease exploitation potential. Please word that 3 of the findings on this report had an estimated severity degree of excessive or crucial. This poor end result strongly means that the LeaveHomeSafe cellular apps haven’t been audited by any competent safety agency beforehand.

You can learn 7ASecurity’s full report on the safety points here.