Vulnerabilities Detected in Government-sanctioned COVID-19 App

A COVID-19 app officially approved by the government of Colombia has been found to contain vulnerabilities.





Research published today by ZeroFOX’s Alpha Team raises concerns over an official government-sanctioned mobile app and several other apps created in response to the global health crisis. 





On March 9, Colombia's president, Ivan Duque, announced the launch of the CoronApp-Colombia app as a way for Colombians to send health updates and receive coronavirus news. Researchers found that the app, which has over 100,000 users, exposes user data.





"The CoronApp-Colombia app had a vulnerability where it was sending Personal Health Information (PHI) and Personally Identifiable Information (PII) data in plaintext," said Zack Allen, director of threat intelligence at ZeroFOX.  





"This includes passport numbers, passwords, and self-disclosed health information." 





Researchers found another app in use in Italy, released in beta testing mode, was recompiled with a backdoor and was "actively infecting victims." 





Asked if governments, instead of setting up new apps, should look to partner with existing apps to get the word out quickly and more safely, Allen said: "This is a fantastic demonstration of private and public industry working together, and I think it would be a great approach, granted the people trust these apps. It all depends on who wants to inherit the risk. 





"Many social media sites, for example, have COVID-19 splash pages and notifications for information, but having a large tech company hold all your data may have the same effe ..
