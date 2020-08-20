from the eye-see-you dept.
College contact-tracing app readily leaked personal data, report finds:
In an attempt to mitigate the potential spread of COVID-19, one Michigan college is requiring all students to install an app that will track their live locations at all times. Unfortunately, researchers have already found two major vulnerabilities in the app that can expose students' personal and health data.
Albion College informed students two weeks before the start of the fall term that they would be required to install and run the contact tracing app, called Aura.
[...] Aura, however, goes all in on real-time location-tracking instead, as TechCrunch reports. The app collects students' names, location, and COVID-19 status, then generates a QR code containing that information.
[...] TechCrunch used a network analysis tool to discover that the code was not generated on a device but rather on a hidden Aura website—and that TechCrunch could then easily change the account number in the URL to generate new QR codes for other accounts and receive access to other individuals' personal data.
A student at Albion, looking into the app's source code, also found hard-coded security keys for the app's backend servers. A researcher took a look and verified that those keys gave access to "patient data, including COVID-19 test results with names, addresses, and dates of birth," TechCrunch reports.
(Score: 2) by leon_the_cat on Friday August 21, @02:13PM (1 child)
Whoda thunk it!!!
(Score: 2) by Runaway1956 on Friday August 21, @02:29PM
This exactly. Install an app that tracks you, and act surprised when it does what it says, then act MORE surprised that third parties can track you. "Smart phone" and "security" isn't quite an oxymoron, but it's so close as to make no difference.
(Score: 0) by Anonymous Coward on Friday August 21, @02:33PM
Have you had enough yet? Or do you need some more?
(Score: 0) by Anonymous Coward on Friday August 21, @02:38PM (1 child)
The Wuhan virus: never let a good crisis go to waste.
This shit is straight of out a Communist Eastern European country. Not warranted at all by the danger of the virus.
Also, how did Michigan become such a totalitarian, dictatorial place? Anyone else think their Governor Whitmer has a facial expression that radiates psychopathy?
(Score: 0) by Anonymous Coward on Friday August 21, @02:52PM
This article is discussing a private college. What on earth does the state of Michigan or its governor have to do with the stupid policies of a private college?
(Score: 2) by barbara hudson on Friday August 21, @02:51PM
The app has hardly any uptake, so it won't be of any use in the wider community. The solution, of course, is to go to a better school - this one isn't exactly going to challenge anyone looking for a serious education. Snobbish small private school with a limited curriculum.
