Comments On Home Office App For EU Citizens Easy To Hack

Reports have surfaced that a smartphone app developed by the Home Office to help European citizens apply to live and work in the UK after Brexit has serious vulnerabilities that could allow hackers to steal phone numbers, addresses and passport details, according to researchers. So far, more than 1m of the estimated 3.5m EU citizens living in the UK have downloaded the EU Exit: ID Document Check app for Android smartphones.

Expert Comments

November 18, 2019
Israel Barak
Chief Information Security Officer
Cybereason
Today, consumers should be working under the assumption that their private information has been stolen by hackers ten times over and should be reminded again to watch their identities and credit for abuse. As an industry, until we can start making cybercrime unprofitable for adversaries, they will continue to hold the cards that will yield potentially massive payouts. Because the researchers only tested the app for security vulnerabilities with Android smartphones, iPhone users shouldn't assume their personally identifiable information hasn't also been compromised in some fashion. Overall, the industry is improving and the major phone/OS manufacturers are implementing positive changes, but the smartphone industry is roughly where the PC industry was in the mid to late 90s. In other words, they have a long way to go when it comes to hardening security defenses. If non-technical crime actors are able to carry out attacks then more people are at risk. I highly doubt this type of attack will be the wake-up call for the industry but I hope to be pleasantly surprised.
November 18, 2019
Jonathan Knudsen
Senior Security Strategist
Synopsys
Anyone can stack one rock on top of another, which is fine if you want to make a pile of rocks. If you want to build a bridge, or a cathedral, you need more skills, better planning, and knowledge of physics, trigonometry, and materials. Similarly, anyone can write software. Making software that is secure and resilient (as all software should be) requires more skills, better planning, and more knowledge than just writing code in a text editor. The cornerstone of real software engineering is a Secure Development Life Cycle, in which security is a primary consideration at every phase of design and implementation. Coupled with more testing and better testing, the SDLC is a process that helps organizations produce software that is safer, more secure, and more robust. The Home Office's intention to replace a cumbersome paper application with a smartphone app is laudatory, but the implementation has fallen short. Perhaps a top-to-bottom security-forward reworking of this app would produce both the desired functionality as well as the necessary safety and security for such a sensitive app.