Identified Security Flaws in Corona-Warn App: Researchers Detail Potential Vulnerabilities
Critics Assail Corona Warning Apps in Germany, Italy, and Switzerland
BERLIN — A recently published paper by international researchers harshly criticizes the current corona warning apps in Germany, Italy, and Switzerland, according to an article in the latest edition of Der Spiegel.
The researchers question the German warning app's effectiveness, expressing particular disapproval towards the German government's decision to leverage a system dictated by Google and Apple. They argue that this choice leads to "significant technical and political problems" and potentially opens "Pandora's box," pointing to three potential attack scenarios that could produce false notifications about infection risk.
The international researchers also caution that relying extensively on Google and Apple in the battle against the pandemic could grant the tech giants access to the health systems of the respective countries. To date, this domain has been relatively unexplored by the US tech giants, who are typically dominant in other sectors.
Ahmad-Reza Sadeghi, the spokesperson for the cybersecurity department at TU-Darmstadt, advocates for a drastic change in course and reliance on alternatives to the Apple and Google system to develop more effective apps. He asserts that the high costs of the German app would be negligible in comparison to the development of an independent and more secure solution.
Background
The criticisms of digital contact tracing apps, including concerns about privacy, efficacy, and user acceptance, have been the subjects of numerous studies.
Privacy issues have emerged as a primary concern, especially in Germany where concerns about data security and privacy have significantly impeded the widespread adoption of COVID-19 contact tracing apps. Similar concerns regarding the perceived intrusiveness of the programs and autonomy issues have surfaced in other countries.
In terms of effectiveness, the NHS COVID-19 app in England, which serves as a model for some European countries, has faced scrutiny due to inefficiencies such as low exposure alerts. The uptake of such apps can be influenced by factors like trust in the government and privacy measures, and sometimes, proximity tracing apps have been the subject of scrutiny in countries like Switzerland due to concerns over privacy and effectiveness.
To address these criticisms, researchers suggest incorporating robust privacy-preserving designs, combining digital tracing with traditional methods, fostering transparency and user engagement, and utilizing technological innovations, such as AI and NLP techniques to improve app design and address user concerns.
- The international researchers argue that the widespread reliance on Google and Apple systems for coronavirus contact tracing apps in Germany, Italy, and Switzerland may grant these tech giants access to the health systems of the respective countries, a domain that has been relatively unexplored by them.
- In spite of concerns about privacy, efficacy, and user acceptance, digital contact tracing apps, such as the one in England which serves as a model for some European countries, continue to face scrutiny, with low exposure alerts being one of the issues plaguing the NHS COVID-19 app.
- To address the criticisms, researchers propose the incorporation of robust privacy-preserving designs, combining digital tracing with traditional methods, fostering transparency and user engagement, and utilizing technological innovations like AI and NLP techniques to improve app design and address user concerns in the field of health-and-wellness and medical-conditions.
