What will happen when Covid-19 Tracking Apps hacked by cybercriminals?

Image Source: https://www.medicaldevice-network.com/features/covid-19-contact-tracing-app/

What is a Mobile App?

As we all know how mobile phones so important to us to do our day-to-day tasks by using mobile phones. As we consider the main mobile operating systems categories in the market, we can divide them into two parts. Those are Android operating system based mobile devices and IOS operating system based mobile devices. Both operating systems provide a great user experience to their customers and most of the mobile applications available on both platforms.

Well, we all know how mobile phones help us to do our daily operations and we all know how it is a very convenient experience compare to do the same activity using a personal computer/ laptop/ or any other device. As per my experience, I highly believe for the popularity of mobile phones caused the size of the device, relatively fast user experience, small and convenient design compare to other devices, and do whatever we like at any location are the main considerations.

We can use our mobile phones to do almost anything in this digital era. For example, we are using our mobile phones for basically to make a communication medium between people, to handle the financial activities, to use online shopping special in these pandemic situations, for use social media, for learning and working tasks, and many more.

Over 205 billion times mobile apps are downloaded in 2018 around the world. And 57% of total digital media time spent on tablets and mobile more regularly. Our lives depend on the mobile applications for online banking, messaging, mobile account management, and business functions. Juniper Research says the total amount of users using mobile banking apps now approaching two billion. That is 40% of the world’s adult population at the moment.

The main priority of the developers/app service providing company is to provide a convenient and smooth experience to their users. Most of the users are providing their personal information to the service providers who providing app service to them( most of the time mobile app developers/company) while installing the apps into their mobile devices without thinking about possible security threats and risks. Most of the time security experts analyse widely using mobile applications regularly and providing their thoughts about the security and privacy status of those mobile applications. But as a user, we all need to aware about privacy and security of our data while using these mobile applications. Always we need to make sure mobile applications that we installed on our mobile devices are have security and privacy standards recommended by security experts.

We all know for provide a smooth service modern mobile apps require such accesses as location, internet, connectivity (Bluetooth, wifi), credit/debit card information, contact information, files, and photos access on the device and many more accesses which contain sensitive information of their users. That means to provide the requested service, the service provider needs to process our information on the mobile application. That is how most of the mobile applications work on your mobile devices to provide a great user experience without any interruption.

We all aware of the modern mobile application architectures and almost every app using cloud technology at the moment. That is a huge benefit to the users. Because all the user’s information stored in the cloud storage and if any technical issue happened to the their device/lost of data in local device doesn’t affect to the use of app service. And it helps to easily shift between mobile platforms like Android and IOS with the help of cloud technology. But on the other hand, there are many security and privacy issues related to these cloud technologies.

Using Mobile Apps for Track Active Covid-19 Cases

After this Covid-19 situation, most countries came up with a mobile application based solution for tracking the active cases in their country. This is one example of how modern technology provides an answer to issues in the real world. Almost every country like Singapore, South Korea, Taiwan, and Australia which provided mobile app-based tracking mechanism for tracking the active corona cases are highly succeeded. But installing an application on our daily driver device which already has some access to our location, connectivity, contacts, and many more has serious security and privacy concerns. If any unauthorized party able to access any loophole in this application leads to the below issues.

Possible Security/Privacy Risks and Threats on Covid-19 Tracking Apps, if it is hacked

Data Breaches

Almost every Covid tracking apps are using the cloud storages to store the information, and apps also have a user’s location, contact information, connectivity access like Bluetooth all the time. That means it contain sensitive information in their storage. To provide proper service they need to store required data in their cloud storage and access required user’s information as a background task on your mobile device.

Data breaches occur when the app service providers unable to handle its processed data. How it happens is different for every time. Unauthorized third parties trying to log into the service provider’s network and put their effort to access the data, try to come from the user’s end using the user’s stolen or exposed data, and many more. These are the most common method at the moment.

To prevent these kinds of unauthorized actions Covid tracking apps teams need to implement industry best practices on their application. Need to maintain excellent security mechanisms on their side. Because they working with user’s sensitive data all the time. They can store data in encrypted format in their databases, they can use ‘https’ instead of ‘Http’ for transferring data from one place to another, they can use multifactor authentication for user logging functions, and many more.

Both user and Covid tracking apps teams have the responsibility to prevent data breaches from their end.

Information Theft and Attacks

Cybercriminals are always trying to get financial accounts that the user’s financial information contains with their priority (ex: bank, financial, email accounts). But if it is not possible, they are moving to other available options(ex: social media). People are always thinking these are the only target area for attackers but it is not. If any platform contains a user’s financial information like streaming services, food delivery services, and many more. Today any service has a threat and risk if the service is large enough or not. We need to install the Covid tracking apps in the same environment which our other applications also installed. That means if an attack happens to the Covid tracking apps, that means our other applications also automatically affect to the attack.

Information theft means by using any kind of techniques to steal customer information without any permission and unauthorized way.

Both user and Covid tracking apps teams have the responsibility to prevent information theft from their end.

Security and Privacy Issues on Active Location Tracking Mechanism on Covid-19 Tracking Apps, if it is hacked

Covid tracking apps are using the best mechanism to track active Covid-19 cases by using mobile devices. Because everyone has mobile devices at the moment and everyone taking their mobile phone when they moving one location to another. This is the easiest way to track location-based active corona cases, where they contacted with active corona cases and when they contacted with active corona cases.

While using location-based tracking enabled apps like Covid tracking apps, it always tries to ensure the safety of our entire community. On the other hand as a part of society, our responsibility also helps the government to stop the spreading covid-19 among our society. This is one of the simplest steps we can take without any cost to ensure the safety of our entire community.

If we consider any mobile app, it has advantages as well as disadvantages. It depends on how people use that application. If you need to know how to protect yourself from these location tracking applications while using, you need to know what kind of location data allows to share online with the service provider and how this data enable threats to our privacy and our physical self.

By analysing user’s location information, anyone guess below user’s information

• Where is your house located

• Based on the living location, they can predict your income

• Based on your working location, they can predict your work

• What is your preferred store for shopping

• What is your route for home and work

• Where you will live when you get vacation.

Tracking Behavior

Normally when we share our location with other parties (not with Covid tracking apps), they can use that data to track the travel pattern, target consumers for unwanted marketing campaigns. By processing these collected data Covid tracking apps can highly detailed profile of person which already using the Covid tracking apps. It includes all the routines, individual behaviors, personal preferences and habits, and other personal information. If any unauthorized parties able to access these user’s information, that means there is a privacy and security risk for user’s information.

Identity Theft

If location data was stolen, criminals can use location data to steal the identities of users. Identity theft risk grows high when service providers start to collect user’s data profiles especially when they do not maintain proper security mechanisms. If any service provider maintains long-term data with them and if it is in a specific profile, it increases the likelihood of identity theft.

Personal Security

This location data is collecting to keep track of the active covid case movements and behaviors. If this data accessed from unauthorised parties, that means they know the individual’s present, past and by analysing these data most of the time they can predict the future movements of the users. It will be a security issue for the users. Also, they can predict the user’s properties and family located around his locations it will be an unnecessary risk for the users.

Summary

I’m just writing this article to give an idea to people who don’t have much idea about cyber attacks and the effect of those attacks. No doubt most of the modern tracking apps using the latest security mechanisms to secure their platforms. It is very hard to break their platforms and access their information. I always encourage people to use these great Covid-19 tracking apps to help our community to stop spreading this virus among our communities. I’m just giving a brief idea about, what will happen if any cyber-attacks happened on these platforms.

From the beginning of 2019 up to now, we all are facing to covid-19 situation without proper vaccines to stop spreading this virus. If we can use modern technology at least control the spreading of this virus among our communities. As per my perspective, we all can participate to control the virus spread by doing one simple action. That means downloading and installing one application, the same as we all do most of the time on our mobile devices. I think that is one of our main responsibility to ensure the safety of our society. On the other hand as a user and as a service provider, both of us need to ensure we are following the correct steps to ensure privacy and security of our data while using these tracking apps and as service providers, they need to provide security and privacy risks and threats free environment for their users.

References :

Bridges, J. (2019). Why geotracking is a growing threat to online privacy | ReputationDefender. ReputationDefender. Retrieved 17 October 2020, from https://www.reputationdefender.com/blog/privacy/why-geotracking-is-a-growing-threat-to-online-privacy.

Cooney, M. (2014). How do mobile location services threaten users?. Network World. Retrieved 17 October 2020, from https://www.networkworld.com/article/2360206/how-do-mobile-location-services-threaten-users.html.

Vulnerabilities and threats in mobile applications, 2019. Ptsecurity.com. (2019). Retrieved 18 October 2020, from https://www.ptsecurity.com/ww-en/analytics/mobile-application-security-threats-and-vulnerabilities-2019/.

Fullstack Developer | Microsoft Azure Developer | IT Enthusiast | Former Application Consultant | Contact - https://www.linkedin.com/in/charuka-kulathunga/