Private information contained within the NHS mobile app that’s going to be used as a Covid vaccine passport when international travel returns could be accessed by hackers at airports if logged into on insecure Wifi networks. The Telegraph has the story.
Britons travelling abroad have been warned against using airport WiFi to log into the NHS app to their vaccine passports in case they hand over their health details to hackers…
Logging into the app and loading health data while on insecure WiFi networks could see hackers gain access to passwords as well as sensitive personal information about people’s health conditions.
Peter Yapp, a Schillings partner who was previously a Deputy Director at GCHQ’s National Cyber Security Centre, urged people not to rely on networks that can steal your data.
“Don’t access this, if at all possible, through WiFi connections that you don’t know anything about,” he said. “That just gives someone the opportunity to potentially get the data as it’s passing through.”
Hackers have used their own malicious public WiFi networks in the past to trick people into signing up for them and then stealing their information as it passes through.
“It has happened for a long, long time and it continues to happen,” said Matt Lock, a Director at cybersecurity business Varonis.
“There is nothing stopping anybody from walking into these public spaces and setting up their own public WiFi,” he added. “Then you’re in a situation where all your traffic is potentially being captured.”
Hackers can easily set up their own WiFi networks in public spaces, often with innocent-sounding names that mimic legitimate networks.
Once a victim logs on to a hacker’s network, all of their web traffic can be intercepted so that hackers can monitor which websites and apps are used.
They can also steal their login information including passwords and any data sent to their apps, including the health records shown in the NHS app.
The Government is said to be examining ways to export a vaccine passport into a “digital wallet” that can be accessed offline.
This is not the only example of a Government Covid app facing criticism over its security (or lack thereof). Last month, an update to the NHS Test and Trace mobile app was blocked by Apple and Google because it broke rules about the collection of location data.
The Telegraph report is worth reading in full.
To join in with the discussion please make a donation to The Daily Sceptic.
Profanity and abuse will be removed and may lead to a permanent ban.