Tuesday, March 9, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Locked iPhones rendered almost useless in Australia’s COVIDSafe tracking efforts

June 15, 2020
in Internet Security
Locked iPhones rendered almost useless in Australia’s COVIDSafe tracking efforts
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Almost two months after the federal government released Australia’s coronavirus contact tracing app, researchers are still poking holes in the security of COVIDSafe.

Software engineer Richard Nelson, who was part of a team of researchers that found other bugs in COVIDSafe, has detailed a bug affecting iPhone users, rendering their device basically useless when it comes to tracking efforts.

You might also like

Ezviz C3X outdoor security camera review: Simple setup, superb features Review

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

McAfee sells its enterprise business to private equity group as it focuses on consumer security

A locked iPhone with an expired ID cannot generate a new ID. Without an ID, Nelson said the device will record other devices around it, but cannot be recorded by others.

“A device in this state will record other people around it, but will not be recorded by others. If all relevant devices are in this state, no encounters are logged,” he wrote.

“One could imagine Alice packing her bag, putting her iPhone in and going out for the day to a football game. With her device in this state, nobody else will record her presence, and if anyone around her tested positive she would not be contacted.”

Technically speaking, Nelson said COVIDSafe uses KeychainSwift to store the JSON Web Token (JWT) used to fetch new TempIDs from the backend.

“When setting a new TempID locally, COVIDSafe uses the default value for the KeychainSwiftAccessOptions parameter, which is AccessibleWhenUnlocked. This means the keychain item cannot be accessed when the device is locked,” Nelson said.

“When a new TempID is needed, GetTempIdAPI tries to extract the JWT from the keychain in order to fetch a new TempID from the API. This fails when the device is locked, and so a TempID is unavailable.”

Nelson told ZDNet that if the iPhone user was to unlock their phone, but not necessarily open the COVIDSafe app, a new ID would be fetched.

“If Alice’s device was locked and had an expired token, and Alice then unlocks her device to check email, for example, and if Bob’s device then scans and picks up Alice’s device, Bob will be able to read Alice’s ID,” Nelson added.

But if the device is locked again first, it won’t be read.  

The example Nelson used shows there’s the potential for a lot of tracing data to be missed, making it suboptimal if someone else were to test positive and lots of other people had their devices locked for lengthy periods of time.

Nelson clarified this issue is only apparent on iPhones.

The Digital Transformation Agency (DTA) said in May that functional and performance testing was conducted for the Apple iOS and Google Android versions of the COVIDSafe App prior to release.

It said 179 functional tests were conducted, including Bluetooth encounters between various device types, in various states, including the phone being locked and unlocked, and the application being open and not open.

“All tests satisfied the baseline design requirements,” the DTA said. “Performance tests were also conducted against the technical requirements.”

The DTA said in these tests, the system “met and sustained the requirements and remained stable through the testing process”.

“The successful testing results underpinned the Digital Transformation Agency’s decision recommendation to release the COVIDSafe App into production,” it explained. “Consistent with an agile development methodology, the DTA will continue to make iterative enhancements to the App.”

In response to Nelson’s findings, the DTA told ZDNet it continues to welcome feedback on COVIDSafe from the developer community, with previous feedback helping the DTA to improve the app.

“The DTA will continue to release updates to the COVIDSafe app to deliver a range of performance, security, and accessibility improvements as required,” it said. “The Australian community can have confidence the app is working securely and effectively, despite the lack of community transmission of COVID-19.”

COVIDSafe was released in April and has been touted by the federal government as crucial in returning to business as usual post-coronavirus.

As of Friday, over 6.3 million Australians have downloaded the app.

See also: Canberra using a cold beer on a Friday as a guilt trip to download COVIDSafe

The government provided an update to its COVIDSafe plans on Friday, with a statement from Prime Minister Scott Morrison saying that under “step 3”, at a minimum, COVIDSafe arrangements must be maintained including: One person per 4sqm; staying 1.5 metres away from other people whenever and wherever possible; maintaining good hand washing and cough/sneeze hygiene; staying home when unwell and getting tested if presenting any respiratory symptoms or a fever; and downloading the COVIDSafe app to “allow identification and traceability of people that have been in contact with a confirmed COVID case”.

In a bid to build trust from Australians, however, it is considered an offence within the legislation surrounding COVIDSafe to require an individual to download the app, have the app in operation, or force someone to consent to uploading COVID app data.

The Prime Minister’s office is yet to return a request for comment on the contradictory directive.

MORE ON COVIDSAFE

Credit: Zdnet

Previous Post

WebAuthn Passwordless Authentication Now Available for Atlassian Products

Next Post

How Machine Learning Will Transform Engineering

Related Posts

Ezviz C3X outdoor security camera review: Simple setup, superb features Review
Internet Security

Ezviz C3X outdoor security camera review: Simple setup, superb features Review

March 9, 2021
Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks
Internet Security

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

March 9, 2021
McAfee sells its enterprise business to private equity group as it focuses on consumer security
Internet Security

McAfee sells its enterprise business to private equity group as it focuses on consumer security

March 9, 2021
Everything you need to know about Microsoft Exchange Server hack
Internet Security

Everything you need to know about Microsoft Exchange Server hack

March 8, 2021
Bill establishing cyber abuse takedown scheme for adults enters Parliament
Internet Security

eSafety defends detail of Online Safety Bill as the ‘sausage that’s being made’

March 8, 2021
Next Post
How Machine Learning Will Transform Engineering

How Machine Learning Will Transform Engineering

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Ezviz C3X outdoor security camera review: Simple setup, superb features Review
Internet Security

Ezviz C3X outdoor security camera review: Simple setup, superb features Review

March 9, 2021
Operationalizing AI – Introduction to the ModelOps Pipeline
Data Science

Operationalizing AI – Introduction to the ModelOps Pipeline

March 9, 2021
SCA invests in Australian AI and machine learning company
Machine Learning

SCA invests in Australian AI and machine learning company

March 9, 2021
How Image Annotation Helps in AI Development for Agriculture Sector? | by ANOLYTICS
Neural Networks

How Image Annotation Helps in AI Development for Agriculture Sector? | by ANOLYTICS

March 9, 2021
Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks
Internet Security

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

March 9, 2021
Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks
Internet Privacy

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

March 9, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Ezviz C3X outdoor security camera review: Simple setup, superb features Review March 9, 2021
  • Operationalizing AI – Introduction to the ModelOps Pipeline March 9, 2021
  • SCA invests in Australian AI and machine learning company March 9, 2021
  • How Image Annotation Helps in AI Development for Agriculture Sector? | by ANOLYTICS March 9, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates