Your COVID-19 digital passport might be a security risk

2022-03-09 18:49

How COVID-19 vaccine passport apps fail to secure data.

In addition to failing to protect the data encoded by the QR code, 27 of the 40 vaccine passport apps that Symantec tested turned out to have risky behavior typically associated with mobile apps.

A full 43% of the passport apps required access to external storage, 38% operated without HTTPS, a couple apps also disabled SSL CA Validation and transmitted data unencrypted and one even contained hardcoded Amazon credentials.

Symantec also looked at passport validation apps, which are used to verify information presented by a consumer vaccine passport app.

Symantec considered several possible security flaws in validation apps, such as whether the app accessed URLs insecurely, how they transmitted and stored cloud data, and whether they were vulnerable to any of the behaviors discovered in passport apps.

"Only give apps permission to private data that they require, nothing more. Whenever possible, avoid third-party apps claiming to securely store your vaccination records and instead use digital wallet solutions provided by the major mobile platforms, such as the Apple Health app and Google Wallet," Watkins said.

News URL

https://www.techrepublic.com/article/your-covid-19-digital-passport-might-be-a-security-risk/

#covid19 #digital #security