HomeNewsPakistan Government's #Covid19 tracing app leaks user's private data

Pakistan Government’s #Covid19 tracing app leaks user’s private data [DO NOT USE]

-

Last Updated on 10/06/2020 by TDH Publishing (A)

TheDigitalHacker has been reported that the app made by developers of the Pakistan government to track #covid19 uses a 3rd-grade security system that can leak personal data like passwords, personal information which are the 1st level concerns for any privacy tracing apps.

Pakistan Government's #Covid19 tracing app leaks user's private data [DO NOT USE] 1

1. It uses HTTP not HTTPS to manage server

HTTPS has been a standard for decades to transfer any private data securely and organization.

Pakistan Government's #Covid19 tracing app leaks user's private data [DO NOT USE] 2

Before 2016 implementation of HTTPS on the server was used to be an expensive task,  and many organisation weren’t able to afford unless they were well funded.

Gaining an HTTPS certificate doesn’t cost a penny

In 2016, the Electronic Frontier Foundation encouraged the organizations, websites, and app developers to use HTTP by availing secure certificates for free.

 

2. User’s data including password not Encrypted

password unencrypted
unencrypted password – twitter Elliot Alderson

Apart from using HTTP they also did not encrypt the password field. This opens up a big vulnerability and anyone using the same wifi, or a router through which the data is transferred can see the exact password without putting much effort.

3. Reported but they Fought back

Pakistan Government's #Covid19 tracing app leaks user's private data [DO NOT USE] 3

The security vulnerability was reported to Pakistan but the developers blamed back “arguing” it wasn’t the password but a key.

But it turns out to be the password itself, and the developers liked the fact.

TheDigitalHacker recommends not to use

We do not recommend using this app unless it is updated with latest security measures and encrypts users’ data before sending it to the server.

We encourage the government of Pakistan to take further action, making the app temporarily unavailable and available once the app matches and protects the basic privacy of its citizen.

#COVID19 data leak can create chaos in tier 1 country

Companies like Google, Apple has been investing a fortune in building the covid19 tracing app secure and ensuring users that the data won’t be leaked.

If personal data like password, name, and #covid19 data gets leaked it can create uncontrollable chaos among people.

TDH Publishing (A)
TDH Publishing (A)
TheDigitalHacker.com is a Google News approved technology conglomerate publishing platform that published content that matters and helps us share more with the world.
- Advertisment -

Must Read

edge-ai

Challenges and Opportunities in Deploying AI Solutions in Edge Computing Environments

0
Edge AI is a ground-breaking new paradigm that has the potential to completely change how companies run. Organizations can seize new chances for creativity,...