New security issues have been discovered in the UK Government’s NHS contact tracing app, as well as a potential data breach.
The app is currently being trialed on the Isle of Wight, and privacy issues have been raised which the National Cyber Security Centre (NCSC) told BBC News it was already aware of and is in the process of addressing. Raised by researchers Dr Chris Culnane and Vanessa Teague, the main issues include:
- In the presence of an untrusted TLS server, the registration process does not properly guarantee either the integrity of the authority public key or the privacy of the shared secrets established at registration. The result completely undermines core security goals of the protocol, including its privacy and its resistance to spoofing and manipulation
- In the presence of an untrusted TLS server, the storing and transmitting of unencrypted interaction logs facilitates the recovery of InstallationIDs without requiring access to the Authority Private Key
- Long lived BroadcastValues undermine BLE specified privacy protections and could reveal additional lifestyle attributes about a user who submits their data
- The monitoring of interactions at eight second intervals could create unique interaction signatures that could be used to pairwise match device interactions, and when combined with unencrypted submission, allow the recovery of InstallationID from BroadcastValue without access to the Authority Private Key
- The use of a deterministic counter to trigger KeepAlive updates risks creating an identifier that could be used to link BroadcastValues over multiple days
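The last two findings, long-lived BroadcastValues and a deterministic KeepAlive counter, share one underlying point: BLE address rotation only provides unlinkability if every other observable the app emits rotates with it. The toy simulation below is added here to illustrate that principle; it is not code from the researchers' report or from the NHS app. Its mechanism and constants (a 15-minute MAC rotation, a BroadcastValue held for a day, an hourly KeepAlive driven by a per-device counter that is never re-randomised, SHA-256-derived values) are assumptions for illustration only and are not the app's actual design.

```python
"""Toy model of why rotating BLE addresses do not hide a long-lived
application identifier, and why a deterministic KeepAlive schedule can
link identifiers across days.  Constructed example; all parameters are
assumptions, not the NHS app's real values."""
import hashlib
from collections import defaultdict
from typing import NamedTuple

MAC_ROTATION = 15 * 60          # assumed BLE private-address rotation (seconds)
BROADCAST_LIFETIME = 24 * 3600  # assumed: BroadcastValue kept for a whole day
KEEPALIVE_PERIOD = 3600         # assumed: KeepAlive fires every hour of uptime
STEP = 60                       # passive observer samples adverts once a minute


def _h(*parts) -> str:
    """Stand-in for whatever derives identifiers on the device (assumption)."""
    return hashlib.sha256("|".join(map(str, parts)).encode()).hexdigest()[:12]


class Advert(NamedTuple):
    t: int
    mac: str
    broadcast_value: str
    keepalive: bool


class Device:
    def __init__(self, installation_id: str, boot_time: int):
        self.installation_id = installation_id
        # Deterministic counter origin: fixed at install/boot and never
        # re-randomised when the BroadcastValue changes (the risk in question).
        self.boot_time = boot_time

    def advert(self, t: int) -> Advert:
        mac = _h("mac", self.installation_id, t // MAC_ROTATION)
        bv = _h("bv", self.installation_id, t // BROADCAST_LIFETIME)
        keepalive = (t - self.boot_time) % KEEPALIVE_PERIOD == 0
        return Advert(t, mac, bv, keepalive)


def observe(devices, start: int, end: int):
    """Everything a passive BLE sniffer would log in [start, end)."""
    return [d.advert(t) for t in range(start, end, STEP) for d in devices]


def link_macs_by_broadcast_value(adverts):
    """Group every rotated MAC under the long-lived BroadcastValue it carried.
    If the BroadcastValue outlives the MAC, the MAC rotation buys nothing."""
    seen = defaultdict(set)
    for a in adverts:
        seen[a.broadcast_value].add(a.mac)
    return seen


def keepalive_phase(adverts):
    """Per BroadcastValue, the phase (t mod period) at which KeepAlives appear."""
    phase = defaultdict(set)
    for a in adverts:
        if a.keepalive:
            phase[a.broadcast_value].add(a.t % KEEPALIVE_PERIOD)
    return phase


def link_days_by_phase(adverts):
    """Pair up BroadcastValues from different days that share a KeepAlive phase:
    the phase survives the daily rotation and so acts as a linking identifier."""
    groups = defaultdict(set)
    for bv, phases in keepalive_phase(adverts).items():
        if len(phases) == 1:                  # stable phase -> usable fingerprint
            groups[next(iter(phases))].add(bv)
    return [bvs for bvs in groups.values() if len(bvs) > 1]


if __name__ == "__main__":
    alice = Device("install-A", boot_time=420)    # constructed devices
    bob = Device("install-B", boot_time=1500)
    one_day = observe([alice], 0, BROADCAST_LIFETIME)
    for bv, macs in link_macs_by_broadcast_value(one_day).items():
        print(f"{bv}: {len(macs)} distinct MACs linked through one BroadcastValue")
    two_days = observe([alice, bob], 0, 2 * BROADCAST_LIFETIME)
    for linked in link_days_by_phase(two_days):
        print("day-to-day link via KeepAlive phase:", sorted(linked))
```

Re-randomising the KeepAlive counter whenever the BroadcastValue changes, and bounding the BroadcastValue's lifetime to the MAC rotation interval, are the two knobs in this model that make `link_days_by_phase` and `link_macs_by_broadcast_value` stop returning anything useful; the model is there to make those dependencies visible, not to describe the app's real schedule.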
The researchers praised the “cryptographic protocol of the UK’s app [that] includes a much better effort at mitigation of most external attacks” and said there are admirable aspects of the implementation and the open availability of the source code.
“However, the messaging around the app, and in particular suggestions of broadening the data collected, combined with insufficient legislative protections, a lack of siloing of the data and no sunsetting of the data retention or usage, risk undermining the trust that has been earned,” they added.
The risks varied in severity, Culnane told BBC News, explaining that, in terms of the registration issues, “it's fairly low risk because it would require an attack against a well protected server, which we don't think is particularly likely.” However, he did warn that the risk surrounding the unencrypted data is higher, “because if someone was to get access to your phone, then they might be able to learn some additional information because of what is stored on that.”
David Grout, CTO for EMEA at FireEye, said: “The mounting security concerns and doubts attached to the trialed NHS app are stemming from registration issues and the use of unencrypted data within the app which can be exploited by cyber-criminals. One of the biggest concerns is attached to the fact it’s based on a ‘centralized’ model.
“Just yesterday, France defended its own centralized model where contact-matching happens via a computer service, as opposed to the decentralized model which uses people’s phones to make the match. The UK Government will need to address these safeguarding issues ahead of the full national roll-out, so citizens are fully confident that their data is not compromised but stored securely.”
The research came as Serco apologized after an employee accidentally shared the email addresses of almost 300 contact tracers when they were cc’d (rather than bcc’d) in an email to inform new trainees about training details.
Also, a group of civil society organizations, privacy advocates and academic researchers have written an open letter to Health Secretary Matt Hancock, asking questions about the contact tracing data store.
Signed by the likes of the Open Rights Group, Big Brother Watch, Privacy International and Liberty, they urged Hancock to “provide the public with more information and take appropriate measures to reduce the risk of data sharing and keep the aggregated data under democratic control.”