Government rejects claims of COVID-19 app being risky
Wednesday, June 10th: The National Information Technology Board (NITB) said in a statement that there was no security flaw in the official app, which aims to raise awareness about the near availability of ventilators across the country.
Rejecting the French hacker’s claim, the NITB said that the purpose of the app was to prevent the spread of the coronavirus, so only a limited amount of user information was obtained through it.
The NITB said in a statement that the app does not reveal the current location of the affected user, but identifies patients who have confirmed their illness from a distance of 10 meters, while the rest are in quarantine is identified from a distance of 300 meters, so patients who have been allowed to contact voluntarily to keep other citizens safe.
NITB added that in addition, all users have fully complied with the terms and conditions of the app.
According to NITB, a user’s login mechanism is not present in the app, which is why the use of login and password is not part of the app workflow, as clarified. Given so that Endpoint can only be used from the app.
The NITB said that all our applications run using HTTPS, so the protection of user data is done in accordance with International standards as it is of fundamental importance.
It should be noted that the French hacker had claimed in a few posts on Twitter yesterday that there was a flaw in the official app “COVID-19 Gov PK” created by the government of Pakistan.
1/ Yesterday night, I analysed "COVID-19 Gov PK", the official #Covid19 mobile app made by the Pakistani government. Hardcoded passwords, insecure connections, privacy issues, … nothing is ok with this app.
Want to see this horror? Follow me ⬇️ pic.twitter.com/cpdf5ezoFM
— Baptiste Robert (@fs0c131y) June 9, 2020
He said that under this, confidential information and data of consumers is being stolen and it is insecure.
3/ It's NOT a contact tracing app. It gives access to dashboards for each province and state, you can do a self-assessment, get radius alert, get a popup notification reminding the user of their personal hygiene (wut?). pic.twitter.com/Ec8Z4Fis8h
— Baptiste Robert (@fs0c131y) June 9, 2020
4/ When you open the app, it asks a token to the pak gov server with hardcoded credentials: CovidAppUser / CovidApi!@#890# pic.twitter.com/tK2IzxzfkM
— Baptiste Robert (@fs0c131y) June 9, 2020
Stay tuned for more Updates !