Software engineer Frederic Rechtenstein found a South Korean mobile application designed to enforce pandemic quarantines contained major security flaws that could compromise users' private information.
The country in April started requiring all visitors and residents from abroad to isolate themselves for two weeks, with compliance monitored by the location-tracking Self-Quarantine Safety Protection app.
Rechtenstein discovered developers were assigning users easily guessable identity numbers, which hackers could exploit to access information provided upon registration; the app also insecurely encrypted communications with the server where data was stored, enabling hackers to easily find the key and decode the data.
The New York Times confirmed the defects, which South Korea's Ministry of the Interior and Safety has corrected.
Ministry officials acknowledged the rush to develop and deploy the app and a lack of security expertise likely gave rise to the flaws.
From The New York Times
View Full Article - May Require Paid Subscription
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA
No entries found