Google exposes sensitive data by the wrong implementation of COVID-19-exposure tracking system

Researchers report finding multiple security flaws in Google support for contact tracking apps that could expose sensitive information. Experts report that these failures lie within the framework of Google-Apple Exposure Notifications (GAEN), funded by the U.S. Department of Homeland Security (NHS). This is a framework that allows users to keep track of coronavirus contagions recorded in the places they visit.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

GAEN offers a decentralized system for Bluetooth-based mobile contact tracking applications. The framework is designed to help public health authorities manage the spread of coronavirus and save lives. With the coronavirus-exposure notification system, neither Google or Apple or any other users can see the user’s identity, as all registration occurs on a user’s device.

Google exposes sensitive data by the wrong implementation of COVID-19-exposure tracking system

AppCensus experts have emphasized that there is no problem with COVID-19 contact tracking apps, although what concerns them is Google’s implementation of what was supposed to be a privacy preservation technology.

This hypothesis is based on the gaEN-based applications, developed jointly by Apple and Google, with severe security flaws, and Google’s GAEN implementation records sensitive information.

While this data could be read by hundreds of third-party apps, apps downloaded from the Google Play store have not been able to access system logs since 2012. Still, Google allows smartphone developers, network operators and their business partners to pre-install high-privileged applications on the system, experts mention.

This is a particular issue because the logs contain progressive proximity identifiers (RPI), which are transmitted from other devices by running the contact tracking app that are within reach of a user’s device. The log also contains details of the RPI, which change approximately every 15 minutes; As a final result, applications developed by device manufacturers such as Samsung and Xiaomi with the ability to read system logs can also access sensitive data from devices running Bluetooth-based tracking apps.

Experts do not claim that it is the fault of device manufacturers, as they claim that this is due to Google’s registration of sensitive data in the system registry in the first place, which will surely result in Google’s improper implementation of the GAEN mechanism.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Google exposes sensitive data by the wrong implementation of COVID-19-exposure tracking system appeared first on Cyber Security News | Exploit One | Hacking News.

By admin