As more governments turn to contact tracing applications to help curb coronavirus outbreaks, cybersecurity experts warn that this could spark new interest in Bluetooth attacks. They urge developers to ensure that such applications are regularly checked for vulnerabilities and to release fixes quickly to plug potential "holes", while governments should ensure that their databases are secure and that the data collected is not used for any purpose other than those originally intended.
Users should also take the necessary steps to protect their private data and prevent their devices from being targeted by cybercriminals.
According to Acronis co-founder and technology president Stas Protassov, Bluetooth has had several weaknesses in the past, such as BlueFrag in February, a critical vulnerability that affected many Android and Apple iOS devices, which then required code updates.
If not updated, the devices may be compromised by hackers and users' personal data stolen, Protassov warned. He also stressed the need for users to update the firmware of their devices to ensure that vulnerabilities are rectified immediately. As with any application, they should also check the permissions requested by any contact tracing application.
Most of these applications, including TraceTogether in Singapore, use Bluetooth signals to detect others at close range, and security observers say this could leave the smartphone exposed to threats, especially if there are vulnerabilities that have not been discovered or have not been resolved.
"People will want to download these apps to help fight the pandemic, but they also need to be aware of the dangers of cyberspace. Only install official applications," said Protassov, noting that similar malicious applications have probably already been developed and will be released immediately after the official ones.
HackerOne's technical manager, Niels Schweisshelm, also highlighted the critical vulnerabilities associated with the Bluetooth protocol and its applications, which were exploited by remote attackers and allowed arbitrary code execution on affected Android devices.
While these vulnerabilities have been fixed since then, Schweisshelm said the fixes do not guarantee that Bluetooth and its implementations will be free of future vulnerabilities. He added that security research in the near future is expected to focus heavily on wireless technology and this could reveal other similar vulnerabilities.
Tom Kellermann, head of VMware Carbon Black's cyber security strategy, also stressed the need for contact tracing applications to be checked regularly for vulnerabilities and for critical updates to be released quickly. He said they need to be set up so that they can be updated automatically and prevent interaction with mobile digital assistants.
Noting that Bluetooth attacks are likely to be launched, Kellermann said users should turn on the wireless technology only when leaving their home and restrict location settings so that they run only when the application is in use.
Governments must also ensure that backend databases are secure and conduct regular testing of applications to mitigate exploitation of contact tracing applications.
According to the Singapore Government, the TraceTogether application does not collect location data or request the user's mobile phone during installation. Meanwhile, all data collected is held by the Ministry of Health (MOH) and stored on a "high security server" along with a random anonymous user ID associated with the mobile number.
Synopsys Software Integrity Group senior security consultant Samantha Isabelle Beaumont warned that contact tracing applications allowed intruders to access users' Bluetooth, as well as "read" all Bluetooth communications on their connected devices, including their car, the music they listened to, and home IoT (Internet of Things) devices, among others.
Beaumont has advised users to protect themselves by limiting various items, such as the number of applications they download, the number of Bluetooth components they connect to, the number of Bluetooth components they keep as permitted, or known, devices, and the amount of information transmitted via Bluetooth.