Today the Financial Times has published a news story about how the British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.”
It certainly caught my attention. Just yesterday I used the EU Exit: ID Document Check app on my cleaning lady’s Android phone to help her apply for residency. And – to be honest – it was pretty easy to use, once I’d worked out how to change the language of her phone from Romanian to English.[embedded content]Applicants scan their passport, take a selfie, and use their phone’s NFC feature to read the biometric chip embedded in their passport.
But, according to the FT, Norwegian cybersecurity researchers have discovered flaws in the Android version of the app (they didn’t test the iPhone version):
Promon, a Norwegian cybersecurity company, found major loopholes that allowed them to take control of the app and access any information that was entered into it, including the facial scans and images of passport pages.
They were also able to see information being typed into the app, such as usernames, passwords and other details, and were able to alter information being entered.
“The tools we used are typically very easily accessible and require very little technical skill to use. It means any type of bad actor could perform this attack, without sophisticated technical knowledge,” said Tom Lysemose Hansen, chief technology officer at Promon, who added that they had “experienced no resistanc ..
Support the originator by clicking the read the rest link below.
