Monday 27 April 2020

COVIDSafe app - "It's a hacker's paradise": Brad Spooner

The Australian government's COVIDSafe app: have you installed it on your phone?

More than a million Australians did, in the first four hours of its release last night. For real.

Should you or shouldn't you download and install this app on your smartphone?

IT specialist Brad Spooner, from Spoontech IT, says NO. You should not. And if you have: delete it immediately, he recommends. "It's a hacker's paradise", he says bluntly.

More about the app is below, but first, here is what Brad thinks.

"Who developed this app?" Brad questions. "Not us in Australia, it was made in India."

He continues: "Where is the security report to say that it's not using your data unlawfully? And where is the proof it isn’t?

"Considering it is using bluetooth which is the most unsecure wireless protocol known to man, and the pairing passwords are 0000 and 1234 for most devices... like, really? And we are calling this safe?

"Bluetooth, once paired, can access everything on your phone and it doesn’t have co-ordinate capabilities like GPS, meaning they are connecting everyone via bluetooth and getting your info from the phone and using GPS to broadcast your position so they get anything you have from any phone and know where you are and how far you are away from the people you are with!

"Money making? Get ready for a fine in the mail without even realising it.

"You buy a new phone and bluetooth to your old phone and it connects to download ALL your files. Who is to say this app is not automatically pairing to each phone? What about the fact bluetooth is unstable and easily hackable?

"I can download apps to my phone that can connect to every discoverable bluetooth enabled phone (of which there are lots) and download anything I want. Also, the fact that for bluetooth to see each other the phone has to be made discoverable always. So when you pair a normal device the bluetooth is only active for two minutes or so. So for it to pickup people you walk past it has to be discoverable 24/7.

"This is a major security risk as I could use the two common passwords as per those mentioned above and connect to anyone's phone, anytime.

"Imagine if you had photos on there that you don’t want the world to see!

"One million people downloaded it in the first four hours because they want the lockdown to end early, and that's how the government have marketed it, but where did they give us enough information to assure us it's safe? They didn’t.

"This app is also going to be used for social distancing rules, so beware they are watching everything now. Watch your mailbox.

"Another point is if you remove the app who’s to say they have not still installed an underlying app to continue to keep an eye on you anyway long term, like Google already do.

"Plus with bluetooth being on 24/7 and discoverable, it's going to drain battery life from people's phones.

"People are in a COVID-19 brain dead state due to lockdown and just want this over so they have all band-wagoned on this app, but really, they have just been sucked in by the whole “it will be over quicker” thing, which is bull. You know what, it's the government's way of keeping an eye on who is doing the right thing.

"I have been in IT for over 29 years and I have dabbled in the dark side of the web many times, and let's just say if you downloaded this app - as much as you thought you were doing the right thing - I would uninstall it ASAP and just stay home and stay safe in your own way."

The Australian government instead says:

Your information and privacy is strictly protected.
Read the COVIDSafe Privacy Policy for details on how personal information collected in the app is handled. 
A Privacy Impact Assessment was commissioned to ensure that privacy risks have been addressed. See the Privacy Impact Assessment Report and our Agency Response.
The Health Minister has issued a Determination under the Biosecurity Act to protect people’s privacy and restrict access to information from the app. State and territory health authorities can access the information for contact tracing only. The only other access will be by the COVIDSafe Administrator to ensure the proper functioning, integrity and security of COVIDSafe, including to delete your registration information at your request. It will be a criminal offence to use any app data in any other way. The COVIDSafe app cannot be used to enforce quarantine or isolation restrictions, or any other laws.

Source: https://www.health.gov.au/resources/apps-and-tools/covidsafe-app

And, the site also states:

When you download the app you provide your name, mobile number, and postcode and select your age range (see Privacy). You will receive a confirmation SMS text message to complete installation. The system then creates a unique encrypted reference code just for you.
COVIDSafe recognises other devices with the COVIDSafe app installed and Bluetooth enabled. When the app recognises another user, it notes the date, time, distance and duration of the contact and the other user’s reference code. The COVIDSafe app does not collect your location.
To be effective, you should have the COVIDSafe app running as you go about your daily business and come into contact with people. Users will receive daily notifications to ensure the COVIDSafe app is running.
The information is encrypted and that encrypted identifier is stored securely on your phone. Not even you can access it. The contact information stored in people’s mobiles is deleted on a 21-day rolling cycle. This period takes into account the COVID-19 incubation period and the time it takes to get tested. For more, see Privacy.

When an app user tests positive for COVID-19

When someone is diagnosed with COVID-19, state and territory health officials will ask them or their parent/guardian who they have been in contact with. If they have the COVIDSafe app and provide their permission, the encrypted contact information from the app will be uploaded to a highly secure information storage system. State and territory health officials will then:
  • use the contacts captured by the app to support their usual contact tracing
  • call people to let them or their parent/guardian know they may have been exposed
  • offer advice on next steps, including:
    • what to look out for
    • when, how and where to get tested
    • what to do to protect friends and family from exposure
Health officials will not name the person who was infected.

After the pandemic

At the end of the Australian COVID-19 pandemic, users will be prompted to delete the COVIDSafe app from their phone. This will delete all app information on a person’s phone. The information contained in the information storage system will also be destroyed at the end of the pandemic.

Deleting the COVIDSafe app

You can delete the COVIDSafe app from your phone at any time. This will delete all COVIDSafe app information from your phone. The information in the secure information storage system will not be deleted immediately. It will be destroyed at the end of the pandemic. If you would like your information deleted from the storage system sooner, you can complete our request data deletion form.

What are your thoughts?
