Amidst the covid-19 breakout, the entire world has been adversely affected by its consequences. Covid-19 has resulted into a world of economic crisis. People across the globe are shattered and locked up in their own houses. The government itself cannot figure out the solution for this existing redemption. Since, the virus has been exaggeratedly spread among the public, it had become difficult for the government to separate the affected people, as the result some software companies decided to build contact tracing apps for public health organizations.
What is the contact tracing app?
First of all, lets know what is contact tracing, contact tracing is the process of identification of persons who may have come into contact with an infected person and subsequent collection of further information about these contacts. It is one of the interventions that have been used to effectively to control coronavirus disease (COVID-19) outbreaks throughout the world.
So, in the same way, the contact tracing app is an online platform to recognize the adversely affected COVID areas. The contact taking app is configured to use Bluetooth technology to learn who the person has come into contact with and then notify those people of possible exposure.
Why is it vulnerable?
Subsequently, the whole backend of this technology relies on Bluetooth services of android/smartphone devices. Let it be from blue borne to Sweyn Tooth, Bluetooth technology has never been reliable and has always been threatened by some exploits and vulnerabilities.
According to the recent research it has been found that android has been recently diagnosed by threat in its Bluetooth protocol. However, to counter the bug, Android has recently released a patch for its critical vulnerability related to the implementation of the Bluetooth protocol.
Thus, This vulnerability allowed an attacker to remotely take over specific Android devices without any required user interaction from the victim which clearly indicated that the it has been stroked down by (RCE) remote code execution. The vulnerability was driven away by the vendors before exploitation by the threat actors. The infected applications may ask permission for GPS which could potentially be used by the intruders to tack day-to-day activities.
San Francisco’s based bug bounty platform, the entire attack surface of these contact tracing applications has to be properly investigated because it may put data privacy at high risk.– Niels Schweisshelm, Technical Programme Manager at HackerOn.
“An attacker could attempt to overload a user’s device with BLE messages that appear to the mobile device as sufficiently valid to store which could cause the application to not function as desired or to later receive false-positive contact notifications,” he explained.
Even if a contact tracing application does not collect and share GPS location data, this data could be shared with other people as part of the contact tracing process so, the user must ensure the legitimacy of the app
Additionally, Singapore and Australia are already using Bluetooth-based tracing app, joining the current vogue google and apple have announced that the two companies are building changes into Android and iOS to enable Bluetooth-based Covid-19 contact tracing, they touched off an immediate firestorm of criticisms. Since both the companies had a non-impressive image of data privacy, it became obvious to be criticked.
“The potential privacy concerns surrounding these contact tracing solutions should remind governments developing them that the security community will scrutinise these apps more than any app in recent years,” Schweisshelm told IANS.
On its contact tracing app, according to Apple, “Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders. We will openly publish information about our work for others to analyse“.
Shall I follow any prevention?
Undoubtedly, Bluetooth Technology has many security vulnerabilities in its various configurations. subsequently, android has already released the patch. Therefore, it is advised to update the operating system to its latest version. Besides, here we need to follow some preventive measures while we grant administrative permission to Bluetooth borne apps:
- Withhold the data transmission of sensitive personal information, it might be sniffed.
- Try to monitor your daily data usage
- Install the best (WAF)web application firewall to avoid trojans and payloads.
- Avoid accepting attachments or applications received on your phone via any web requests.