Corona Apps: Research report on shortcomings in the safety – Naturopathy naturopathy specialist portal

Corona-Warning Apps are not secure enough

In Germany, soon to be a Corona-Warning to App available. With their help, people who had contact with COVID-19-Infected should be able to, earlier and more accurately about the risk of contagion to be informed, explained to the consumer. In other countries, these Apps can be used for a long time. But Researchers now report on the protection of privacy and security risks.

British scientists noted in a recent study, Corona-Warning-can contribute Apps to slow down the spread of COVID-19 significantly. But unfortunately, these Apps are probably not sure enough. A German research team sees significant potential for improvement.

The App will help to get the Corona pandemic in the handle

The German Corona-Warning-App is “an effective means to help to get the Corona pandemic in the handle,” said government spokesman Steffen Seibert.

“The protection of privacy has the highest priority,” will Steffen Seibert quoted on the website of the Federal government.

But apparently, there are security and privacy deficits. Because according to a recent communication from a research team at the Technical University of Darmstadt, the University of Marburg and the University of Würzburg, Germany recent publications has demonstrated as theoretically possible as described privacy and security risks to the specification of the Google and Apple approach proposed for Corona Apps under realistic conditions of practical and confirmed.

On this approach by Deutsche Telekom, and SAP, the German Federal government developed German Corona-Warning-App is based, among other things. But also the Swiss and Italian contact-tracking Apps use this platform.

Detailed movement profiles of Infected

Through experiments in real-world scenarios, the researchers showed that already theoretically known risks can be exploited with current technical means.

Thus, an external attacker or external attacker with detailed movement can create profiles with the novel Coronavirus SARS-CoV-2 infected people and under certain circumstances, the affected persons identify.

On the other, an attacker or an attacker is able to manipulate the collected contact information through so-called Relay attacks, which may affect the accuracy and reliability of the whole tracking system.

Identification of infection cycles

The according to the experts, contact-tracking Apps promise on mobile devices, the way, the manual effort for the identification of infection cycles to significantly reduce and to increase the coverage of contact tracing.

One of the currently most popular proposals for contact tracing dates back to the cooperation of the American companies Google and Apple. It is expected that the two companies will integrate this new standard of functionality in their respective mobile operating systems, Android and iOS.

Some countries, including Germany, have chosen in their national projects for the digital identification of contact persons to this approach.

Sensitive locations of the test persons could be identified

The starting point for the experiments of the IT Security experts of the three universities were previously published reports on possible privacy and security risks in connection with the developments of the so-called “Google Apple Protocol” (CAP).

The scientists tested whether the conceptually described attacks can be carried out in practice. According to the figures, the experiments show that the CAP is prone to the creation of profiles and the De-anonymization of infected people allowed.

On the other hand, so – called Relay or wormhole in CAP-attacks possible, so that Attackers, or attackers with incorrect contact information can generate, and thus the accuracy and correctness of the overall system suffers.

According to the report, the research team realized the attacks by using the commercially available inexpensive tools such as a Bluetooth Sniffer (as an App on a smartphone or Raspberry PI) that can also be used in mobile environments.

Because the implementation of the CAP approach is not yet available to the wider scientific Community, the scientists from the attacks based on already published specifications constructed.

The results have shown that, by using strategically placed Sensors on Smartphones in a certain area to simulate the movements of infected persons, by means of test persons, in detail can be reconstructed.

Thus, it was also possible to identify sensitive locations of the test persons, as well as possible social relationships between them.

Clear Potential For Improvement

The susceptibility of CAP for so-called Relay or wormhole attacks revealed weaknesses. As it says in the message, this method of Attacking in the position to collect the so-called Bluetooth-user-IDs, which are generated by a contact tracking-App, and go unnoticed in more distant places forward.

So, among other things, successfully Bluetooth could be transferred IDs between two 40 kilometres away cities.

Thus, an attacker or an attacker may interfere with the contact tracking system as a Whole, by you, or it duplicates information on the presence of Infected in many places incorrectly, which could lead to a significant increase in the number of false alarms over the potential risk of infection.

The research team looks good overall, there is still significant potential for improvement for the Google and Apple approach proposed for Corona Apps.

A detailed description of the experiments and their results is to be found in the full report of the study on “arXiv.org”, a document server for Preprints from the fields of physics, mathematics, computer science, statistics, financial mathematics, and biology, to. (ad)

Authors and source of information