Comments On Home Office App For EU Citizens Easy To Hack

Reports have surfaced stating that a smartphone app developed by the Home Office to help European citizens apply to live and work in the UK after Brexit has serious vulnerabilities that could allow hackers to steal phone numbers, addresses and passport details, according to researchers. So far more than 1m out of the estimated 3.5m EU citizens living in the UK have downloaded the EU Exit: ID Document Check app for Android smartphones.

2 Expert Comments
Israel Barak, Chief Information Security Officer
InfoSec Expert
November 18, 2019 2:02 pm

Today, consumers should be working under the assumption that their private information has been stolen by hackers ten times over and should be reminded again to watch their identities and credit for abuse. As an industry, until we can start making cybercrime unprofitable for adversaries, they will continue to hold the cards that will yield potentially massive payouts. Because the researchers only tested the app for security vulnerabilities with Android smartphones, iPhone users shouldn’t assume their personally identifiable information hasn’t also been compromised in some fashion.

Overall, the industry is improving and the major phone/OS manufacturers are implementing positive changes, but the smartphone industry is roughly where the PC industry was in the mid to late 90s. In other words, they have a long way to go when it comes to hardening security defenses. If non-technical crime actors are able to carry out attacks then more people are at risk. I highly doubt this type of attack will be the wake-up call for the industry but I hope to be pleasantly surprised.

Jonathan Knudsen, Senior Security Strategist
InfoSec Expert
November 18, 2019 1:59 pm

Anyone can stack one rock on top of another, which is fine if you want to make a pile of rocks. If you want to build a bridge, or a cathedral, you need more skills, better planning, and knowledge of physics, trigonometry, and materials. Similarly, anyone can write software. Making software that is secure and resilient (as all software should be) requires more skills, better planning, and more knowledge than just writing code in a text editor.

The cornerstone of real software engineering is a Secure Development Life Cycle, in which security is a primary consideration at every phase of design and implementation. Coupled with more testing and better testing, the SDLC is a process that helps organizations produce software that is safer, more secure, and more robust.

The Home Office’s intention to replace a cumbersome paper application with a smartphone app is laudatory, but the implementation has fallen short. Perhaps a top-to-bottom security-forward reworking of this app would produce both the desired functionality as well as the necessary safety and security for such a sensitive app.
