Q

Discusses the possible threats and risks to the security of user data on mobile phones, and in linked Cloud


Scenario - The sudden increase in COVID-19 cases worldwide has caused considerable disruption in many countries. However, a number of countries have started to use an individual tracking approach to try and contain the spread of the virus.

Task - After your successful engagement to develop privacy and personal data protection strategies for DAS, you have been engaged by the Department of Health (DoH) to advise on the development of privacy and data protection for CovidSafe users. DoH expect up to 16 million Australian mobile users to download and use this app. DoH have announced that they will be using a major U.S. based public cloud provider to host the CovidSafe data, but claim that the data will always be under Australian Government control. You are to provide a report to DoH that:

Question - Discusses the possible threats and risks to the security of user data on mobile phones, and in linked Cloud and financial accounts from the use of the CovidSafe app.

Answer - Security threats and issues to user data of COVIDsafe application

The decision was made to host the CovidSafe application on a public cloud provider so that citizens of Australia can access it on their mobile phones. The CovidSafe application is mainly used to reduce the spread of the virus. An affected individual can use the application and enter their personal details (Steve, 2016). Medical experts then give suitable advice and specify a quarantine period, and the people around the affected individual are advised not to meet them. The patient is monitored with the help of the application. The application therefore holds various personal details of patients, and the phone also contains some financial details. Hackers sometimes attempt to steal the data on the phone, which leads to security issues. Collecting individual movement data in tracing applications can violate the data minimisation principle and cause security and privacy issues. The COVIDsafe application collects the following data:

  • Name
  • Age
  • Postcode
  • Mobile number

The collection and disclosure of personal data must be in accordance with the Privacy Act; otherwise security threats will arise. Some of the security issues and threats to user data are (Al-Fedaghi, 2018):

Data leakage

Data leakage occurs through improper disclosure of patients' personal details. The mobile COVIDsafe application often causes unintentional data leakage. The cloud-based application contains some financial account details, so leakage of those details is a serious concern for the Australian government as well as for users of the application (Shabtai, 2012).

Network spoofing

Hackers sometimes set up free access points that look like private Wi-Fi networks, and using those networks opens the way for intruders. Sometimes users are required to create an account to access these services, which requires an email and password combination. Many users reuse the same password for several applications, so this attack makes it possible to guess the password.

Phishing attacks

According to the study, mobile users are frequently affected by this attack because they often monitor their email on the device. Mobile users are susceptible because the email application displays less information to fit the smaller screen size. Hackers sometimes format their emails to look like normal emails, so the user may click on them. The user is then directed to unprotected websites, through which viruses and attacks can be introduced (Shreeram, 2010).

Spyware

Malicious software is installed on the mobile device without the user's knowledge, and data is stolen. The hackers steal the user's whereabouts and activity.

Improper session handling

To make transactions on mobile devices easier, many applications employ tokens that permit users to carry out multiple actions without being forced to re-authenticate their digital identity. The COVIDsafe app may generate tokens for easy access, so the session must be kept confidential. Improper session handling occurs whenever the application unintentionally shares session tokens. Intruders may attempt to access confidential data when a session stays open for a long time, even after the user navigates away from the website or application.

Vulnerability to data interception

Whenever a user's test for COVID-19 is positive, their data is uploaded to the web servers. Data from the COVIDsafe application is stored on the user's device and transferred in encrypted form to the server. An attacker may be able to intercept this communication (Savola, 2014).

Bluetooth hacking

The COVIDsafe app is integrated with Bluetooth technology, so intruders may perform Bluetooth hacking to obtain full control over the mobile device. It is advised not to accept unsolicited file transfers or requests from unknown devices.

Out-dated issues

The health departments access user details and store them in their systems to provide suitable advice to users. The use of outdated security applications and systems can give attackers access to users' private information, affecting the security of the whole network.
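
The long-lived session risk described under "Improper session handling" above, shown as an added example (not part of the original answer and not the CovidSafe app's code): a server-side session table with an idle timeout, an absolute lifetime and explicit logout. The class name, timeout values and user ids are assumptions chosen for illustration.

```python
import hashlib
import secrets

IDLE_TIMEOUT = 15 * 60        # assumed: expire after 15 min without activity
ABSOLUTE_LIFETIME = 8 * 3600  # assumed: force re-authentication after 8 h


class SessionStore:
    """Server-side session table; `now` is the caller's clock (time.time())."""

    def __init__(self):
        self._sessions = {}  # token hash -> {"user", "issued", "last_seen"}

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table exposes no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._digest(token)] = {
            "user": user_id, "issued": now, "last_seen": now}
        return token

    def validate(self, token, now):
        """Return the user id for a live session, else None."""
        key = self._digest(token)
        session = self._sessions.get(key)
        if session is None:
            return None
        idle = now - session["last_seen"]
        age = now - session["issued"]
        if idle > IDLE_TIMEOUT or age > ABSOLUTE_LIFETIME:
            del self._sessions[key]  # expired: remove so it cannot be replayed
            return None
        session["last_seen"] = now
        return session["user"]

    def revoke(self, token):
        """Explicit logout: the token stops working immediately."""
        return self._sessions.pop(self._digest(token), None) is not None


def demo():
    store = SessionStore()
    t0 = 1_000_000.0  # constructed timestamps, so the run is deterministic
    token = store.issue("user-1", now=t0)
    active = store.validate(token, now=t0 + 600)           # within idle window
    abandoned = store.validate(token, now=t0 + 600 + 901)  # left open too long
    return active, abandoned
```

The absolute lifetime matters even for a session that is used continuously: without it, a stolen token that is kept active never expires.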

