SoylentNews is people
SoylentNews
Locked iPhones rendered almost useless in Australia's COVIDSafe tracking efforts:
Software engineer Richard Nelson, who was part of a team of researchers that found other bugs in COVIDSafe, has detailed a bug affecting iPhone users, rendering their device basically useless when it comes to tracking efforts.
A locked iPhone with an expired ID cannot generate a new ID. Without an ID, Nelson said the device will record other devices around it, but cannot be recorded by others.
"A device in this state will record other people around it, but will not be recorded by others. If all relevant devices are in this state, no encounters are logged," he wrote.
"One could imagine Alice packing her bag, putting her iPhone in and going out for the day to a football game. With her device in this state, nobody else will record her presence, and if anyone around her tested positive she would not be contacted."
[...] Nelson told ZDNet that if the iPhone user was to unlock their phone, but not necessarily open the COVIDSafe app, a new ID would be fetched.
"If Alice's device was locked and had an expired token, and Alice then unlocks her device to check email, for example, and if Bob's device then scans and picks up Alice's device, Bob will be able to read Alice's ID," Nelson added.
But if the device is locked again first, it won't be read.
(Score: 2) by lentilla on Tuesday June 16 2020, @02:38PM (2 children)
Amen to that - simply being able to read the code does inspire trust.
This is probably the most benign application a smartphone will ever run. If I understand correctly, there is no network access. The app simply collects IDs of the other apps that have been in range. If a person falls sick, the phone is accessed manually (upon request) and contact tracing proceeds. All-in-all, an admirably light touch.
I still think it is an idiot license, but your point is entirely valid.
(Score: 2) by Bot on Tuesday June 16 2020, @04:46PM (1 child)
It doesn't matter how secure and well coded this app is, the system is open to abuse.
People infected others for profit and malevolence during pandemies, here you need the cellphone of a declared positive and you can quarantine the coworker, the ex, the political adversaries before elections, take out enemies oppa fascist (and allied) squads style.
Account abandoned.
(Score: 3, Insightful) by lentilla on Tuesday June 16 2020, @06:45PM
Well, yes, I suppose so. Any system - any thing - is open to abuse. Your sequence of events does seem pretty far-fetched and it's not even particularly evil - get flagged and you get to spend a single fortnight at home. That's no more inconvenient than the last few months. I am curious as to why you feel it important enough to bring up?
About the most evil thing you could possibly do with this tool is "digitally infect" a bride a week before the Big Day. Now that would be pretty awesome catty evil! All the other suggestions? Inconvenient, but only slightly. Any election candidate worth their salt could spin this positive in the week prior to voting day.
If there is any small probability that I am infectious I'd prefer to know and stay out of circulation. Two weeks sitting at home seems such a small price to pay.
What would you suggest as a better alternative?