Sign In

Communications of the ACM

ACM TechNews

Major Security Flaws Found in South Korea Quarantine App


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook

South Korea has been praised for its effective use of digital tools to tame the coronavirus.

Credit: Woohae Cho/The New York Times

Software engineer Frederic Rechtenstein found a South Korean mobile application designed to enforce pandemic quarantines contained major security flaws that could compromise users' private information.

The country in April started requiring all visitors and residents from abroad to isolate themselves for two weeks, with compliance monitored by the location-tracking Self-Quarantine Safety Protection app.

Rechtenstein discovered developers were assigning users easily guessable identity numbers, which hackers could exploit to access information provided upon registration; the app also insecurely encrypted communications with the server where data was stored, enabling hackers to easily find the key and decode the data.

The New York Times confirmed the defects, which South Korea's Ministry of the Interior and Safety has corrected.

Ministry officials acknowledged the rush to develop and deploy the app and a lack of security expertise likely gave rise to the flaws.

From The New York Times
View Full Article - May Require Paid Subscription

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found