[ad_1]
The infection tracking application allows computer experts to track those who use the application. It shows the surveys of the computer developer Hallvard Nygård. This poses a potential security risk for government members, who almost all downloaded the app immediately.
The “Stop the disease” app is downloaded by large sections of the Norwegian population. Government members also quickly downloaded it. Defense Minister Frank Bakke-Jensen was one of those who already downloaded it on Thursday.
“I’m participating!” Norway’s defense chief wrote on Facebook on Thursday at five, with a screenshot showing that he had installed the application.
Prime Minister Erna Solberg and Health Minister Bent Høie were also among those who immediately downloaded her on Thursday.
VG has received responses from 16 of the 19 government members, in addition to Erna Solberg. The 17 confirm that they have downloaded the application.
Now polls by computer developer Hallvard Nygård show that the app can be used to track users. Nygård has developed a dedicated tracking program for your mobile phone that listens for signals that the Smittestopp application sends to other nearby phones.
– Can be used to monitor people
One of the signals that Smittestopp sends is a unique code for the individual mobile phone. This code never changes and, according to Nygård, can be used to track and trace users.
– This can be used to monitor people. My application on the mobile phone can see which mobiles near me have installed Infection Stop. We have to be pretty close to each other, since this goes through bluetooth signals, but at least it has a range of perhaps up to ten meters, says Nygård.
– For example, you can place a mobile phone with this monitoring program near a person’s house, and thus determine if he or she is at home or not. Commercial operators and stores can also abuse the contagion application, who will be able to know if the person who entered the store has installed the application, he explains.
These ministers have confirmed that they have downloaded Infect Stop
– Is it possible to have a different solution, where the identification code is not the same all the time?
Absolutely. In applications developed by other EU countries, IDs are changed every hour or more. It’s totally possible to create an infection tracking app that prevents anyone from knowing who the others are, says Nygård.
This weakness in Infect Stop was pointed out by the group of experts that evaluated the security of the application. In one report of April 9, write that “permanent and device-specific identifiers between devices [vil] open to opportunities to derive the identity or infection status of others. “They write that it will be easy to change.
Ten days after the report was written, the change is not yet complete.
– I don’t think the developers have had time to change this. But I hope and believe they will change that soon, says Nygård.
The developer will fix the problem.
For VG, developer Simula, who created the app, says they are aware of the problem.
– We will change this in the next round. Then the identification will change at a rate. We have agreed with the security group to take this to the next round, but we don’t have a date for when it will be, says SimulaMet director Olav Lysne.
He says this was expected and says they are happy that the environment is seeing the app.
– Overall, I am very satisfied with what the environment does. We keep an eye on them all the time, even when they talked about our app after the advertising. They work fast, well and responsibly. But if they find anything serious, we’d like to contact them first, Lysne says.
Which means it requires observation
VG security expert Einar Otto Stangvik has seen the case, but believes that the abuse requires that you can confirm by observation that an ID belongs to a certain person. Then you can find out that the same person, or at least the person’s phone, is nearby if the ID appears.
However, he notes that it can be argued that, in many situations, a passing person can be visually recognized as soon as identification is seen.
Due to the proximity and the number of sensors required for widespread tracking, he is less concerned with espionage by state actors, but says it could be exploited by someone with existing infrastructure, such as ad display.
Usage is coordinated and clarified with PST
On Friday Erna Solberg told DN that she makes an exception to the rules for using the app. Initially, the Prime Minister has strict rules for apps that track and store location data.
In this case, she says PST has approved the use.
– The security assessment that we have carried out is that unauthorized people cannot enter the application. PST has also been in this review, and they are concerned that you may never know where I am in real time. Where I’ve been historically isn’t necessarily that sensitive, Solberg tells DN.
When VG contacts the Prime Minister’s Office about the new information, they mean Simula and PST.
– Both the Prime Minister and the use of this application by other prime ministers is coordinated and clarified by the PST. PST does not approve apps, but we are aware that this app, as well as many other geolocation apps, can make it possible to track people. We are taking the necessary steps to protect our government officials, says senior adviser Annett Aamodt at PST.