
Pakistan Government’s #Covid19 tracing app leaks user’s private data [DO NOT USE]

TheDigitalHacker has been informed that the app made by developers of the Pakistan government to track #covid19 uses a third-grade security system that can leak personal data such as passwords and personal information, which are first-level concerns for any privacy-sensitive tracing app.


1. It uses HTTP, not HTTPS, to talk to the server

HTTPS has been a standard for decades for any organization that needs to transfer private data securely.


Before 2016, implementing HTTPS on a server used to be an expensive task, and many organisations weren’t able to afford it unless they were well funded.

Gaining an HTTPS certificate doesn’t cost a penny

In 2016, the Electronic Frontier Foundation encouraged organizations, websites, and app developers to use HTTPS by making secure certificates available for free.

 

2. User data, including the password, is not encrypted

Unencrypted password – Twitter, Elliot Alderson

Apart from using HTTP, they also did not encrypt the password field. This opens up a big vulnerability: anyone using the same wifi, or controlling a router through which the data is transferred, can see the exact password without much effort.
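A check a tester could run over requests recorded from their own app's traffic, flagging credential fields that leave the device over plain HTTP as described above. This is an added example, not code from the app or from the original report; the host, path, field names and sample request are constructed assumptions.

```python
import json
from urllib.parse import parse_qsl, urlsplit

# Field names treated as sensitive (an assumption; extend for your own API).
SENSITIVE = {"password", "passwd", "pwd", "pin", "token", "secret"}

def parse_request(raw: bytes):
    """Split a captured HTTP/1.1 request into (target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    target = lines[0].split(" ", 2)[1]
    headers = {n.strip().lower(): v.strip() for n, _, v in (l.partition(":") for l in lines[1:])}
    return target, headers, body

def json_keys(node):
    """Yield every object key in a decoded JSON value, including nested ones."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key
            yield from json_keys(value)
    elif isinstance(node, list):
        for item in node:
            yield from json_keys(item)

def field_names(target: str, headers: dict, body: bytes):
    """Return (location, name) for each parameter in the query string or body."""
    found = [("query", n) for n, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True)]
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded":
        found += [("body", n) for n, _ in parse_qsl(body.decode("utf-8", "replace"), keep_blank_values=True)]
    elif ctype == "application/json":
        try:
            found += [("body", n) for n in json_keys(json.loads(body))]
        except ValueError:
            pass  # unparseable body: nothing to enumerate
    return found

def audit(raw: bytes, scheme: str):
    """Return one finding per sensitive field that travels over plaintext HTTP."""
    if scheme.lower() == "https":
        return []
    target, headers, body = parse_request(raw)
    where = f"http://{headers.get('host', '?')}{urlsplit(target).path}"
    return [f"{loc} field '{name}' sent in cleartext to {where}"
            for loc, name in field_names(target, headers, body) if name.lower() in SENSITIVE]

# Constructed sample: a login request as recorded by a test proxy (not the app's real traffic).
SAMPLE = (b"POST /api/login HTTP/1.1\r\nHost: tracker.example\r\nContent-Type: application/json\r\n\r\n"
          b'{"user": "alice", "auth": {"password": "hunter2"}}')
```

The findings name the field and endpoint only, so the audit output never repeats the credential value itself.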

3. Reported, but they fought back


The security vulnerability was reported to Pakistan, but the developers pushed back, arguing that it wasn’t the password but a key.

But it turns out to be the password itself, and the developers liked the fact.

TheDigitalHacker recommends not using it

We do not recommend using this app unless it is updated with the latest security measures and encrypts users’ data before sending it to the server.

We encourage the government of Pakistan to take further action by making the app temporarily unavailable and restoring it once it protects the basic privacy of its citizens.

#COVID19 data leak can create chaos in a tier 1 country

Companies like Google and Apple have been investing a fortune in building secure covid19 tracing apps and assuring users that the data won’t be leaked.

If personal data such as passwords, names, and #covid19 data gets leaked, it can create uncontrollable chaos among people.

TDH Publishing
