61408
  • Log in
The Daily Sceptic
No Result
View All Result
  • Articles
  • About
  • Archive
    • ARCHIVE
    • NEWS ROUND-UPS
  • Forum
  • Donate
  • Newsletter
The Daily Sceptic
No Result
View All Result

The Vaccine Passport Update to the NHS App Has Created a Honeypot For Hackers

by Toby Young
23 May 2021 11:36 PM

There follows a guest post by Lockdown Sceptics’ technology correspondent about last week’s vaccine passport update to the NHS App which, according to this industry insider, has created a honeypot for hackers.

Back in March I warned that the government had plans to turn the previously unremarkable NHS App into a cyber bully and privacy blabbermouth. Last week, an update appeared that increased the app’s functionality to include a Covid status certificate, but it included a privacy notice that strongly implied it held an unbelievable range of information about us all: “Information relating to the family of the individual and the individual’s lifestyle and social circumstances; Information which relates to the ethnic origin of the individual; Information relating to genetic/biometric details (where processed to uniquely identify an individual) and criminal convictions or alleged criminal behaviour”.

We knew vaccine passports were going to be a threat to our liberties but what this implied was off the scale. It was soon picked up by security experts like Prof Eerke Boiten of De Montfort University who fired off a Twitter thread that got the attention of the Daily Express and Julia Hartley-Brewer’s morning TalkRADIO show.

Remember how the NHS App was going to become our vaccine passport, as of yesterday? It turns out I was massively confused (or misled if you like) about its privacy notice, data controller, etcetera. This is because there are NOW 2 similar features on the app.

— Eerke Boiten (@EerkeBoiten) May 18, 2021

The policy was quickly updated, and you can read the saner version here.

The app’s upgrade has given it a new section: “Share your COVID-19 status.” If you click on it you could be forgiven for thinking you are still within the NHS app, but in fact you are taken to this website which is run by NHSX. It might seem an irrelevant detail, but despite its name NHSX is not the NHS. What is going on here is that one arm of the state is hiding behind the more trusted brand of another arm to get its software into your pocket. That’s sneaky and it does not take much imagination to see how this trick might be repeated in the future, with the NHS App being the conduit for all sorts of intrusive government schemes. What’s more, this is happening in the NHS App, which will be around for as long as the government wants, not in the COVID-19 app which Hancock promised to withdraw when the pandemic was over. This makes the prospect more likely that long after the pandemic is over we will be sharing things like immigration status, outstanding criminal allegations or historic driving convictions alongside our COVID-19 status for any busybody who feels they are doing their bit to keep us all safe.

The implication of this new section being hosted by NHSX is that the data is not being drawn from your GP-held medical record as I speculated in my previous article, but from a single national database, the National Immunisation Management System, previously used to coordinate national flu vaccine programmes, but now also used in the rollout of the Covid jabs. As the NIMS site says:

The demographic details of everyone resident in England or registered with a GP in England are imported into the system from the Primary Care Registration Management Service… Further data such as lists of shielded patients, NHS staff, social care workers, unpaid carers and ethnic category information are also uploaded. This data can then be used for prioritising invitation for flu or COVID-19 vaccination, and for reporting purposes.

That is a lot of very sensitive data in a single central database. It is a high-risk design with a single point of failure, but even worse from a security point of view, it is a honeypot for hackers. Last year, when a similar centralised approach was considered for the COVID-19 app, the E.U. weighed in with a statement saying “data are not to be stored in a centralised database” and this was followed up with a letter from 300 security and privacy researchers from 27 countries repeating the warning. NHSX subsequently changed tack and went with the Apple/Google decentralised model instead. Now, with the NHS App, those lessons are being un-learned. There is a naturally decentralised database available in GP-held records, but it has been shunned – presumably in favour of speed of deployment. And yet there is no public outcry this time, no open letters from security professionals.

We are suffering an ultra-cautious approach when it comes to reopening, but a reckless approach when it comes to privacy. With Covid-related phishing attacks up 15-fold and hackers raking in over £35m in UK Covid-related online scams since the start of the pandemic, the motivation and resources are there to crack these databases. So long as the politicians see privacy as an afterthought, the scammers will be toasting every new version of the app.

Tags: NHS AppVaccine Passports

Donate

We depend on your donations to keep this site going. Please give what you can.

Donate Today

Comment on this Article

You’ll need to set up an account to comment if you don’t already have one. We ask for a minimum donation of £5 if you'd like to make a comment or post in our Forums.

Sign Up
Previous Post

New PHE Study Says AstraZeneca Vaccine is Just 66% Effective. What Happened to “90% in the Over-65s”?

Next Post

Vaccine Safety Update

Subscribe
Login
Notify of
Please log in to comment

Profanity and abuse will be removed and may lead to a permanent ban.

16 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

NEWSLETTER

View today’s newsletter

To receive our latest news in the form of a daily email, enter your details here:

 

DONATE

PODCAST

Nick Dixon and Toby Young Talk About the Government’s Plan to Reduce Immigration, Elon Musk’s Message to Advertisers and Keir Starmer’s New Hero

by Toby Young
5 December 2023
2

LISTED ARTICLES

  • Most Read
  • Most Commented
  • Editors Picks

News Round-Up

7 December 2023
by Richard Eldred

COP28 President’s “No Science” Remark Blows Holes in Carefully Curated Net Zero Narrative

7 December 2023
by Chris Morrison

Study Dismisses Concerns About Sudden Cardiac Deaths of U.S. Students. Here’s What’s Wrong With It

6 December 2023
by Dr Clare Craig

Covid mRNA Vaccines Were Developed Under a Military Protocol and Required No Safety Oversight

7 December 2023
by Debbie Lerman

Professor Sir David Spiegelhalter Tells BBC That Covid Infections Were Dropping Before Lockdown and He “Really, Really Regrets” Not Having Evidence Sooner That Closing Schools Was Pointless

7 December 2023
by Guy de la Bédoyère

Professor Sir David Spiegelhalter Tells BBC That Covid Infections Were Dropping Before Lockdown and He “Really, Really Regrets” Not Having Evidence Sooner That Closing Schools Was Pointless

28

Sunak’s Last Chance to Stop the Boats: Read Suella Braverman’s Resignation Speech in Full

25

News Round-Up

24

With Climate Change, As With Covid, the Cure is Worse Than the ‘Disease’

41

Lockdown Trashed Britain’s Economy – Not Brexit

27

Translating Boris Speak

7 December 2023
by Prof Carl Heneghan and Dr Tom Jefferson

Media Blame Israel Over Paris Knife Attack and Hide Jihad

7 December 2023
by Robert Kogon

Professor Sir David Spiegelhalter Tells BBC That Covid Infections Were Dropping Before Lockdown and He “Really, Really Regrets” Not Having Evidence Sooner That Closing Schools Was Pointless

7 December 2023
by Guy de la Bédoyère

Covid mRNA Vaccines Were Developed Under a Military Protocol and Required No Safety Oversight

7 December 2023
by Debbie Lerman

COP28 President’s “No Science” Remark Blows Holes in Carefully Curated Net Zero Narrative

7 December 2023
by Chris Morrison

POSTS BY DATE

May 2021
M T W T F S S
 12
3456789
10111213141516
17181920212223
24252627282930
31  
« Apr   Jun »

SOCIAL LINKS

Free Speech Union
  • Home
  • About us
  • Donate
  • Privacy Policy

Facebook

Twitter

Instagram

RSS

Subscribe to our newsletter

© Skeptics Ltd.

No Result
View All Result
  • Articles
  • About
  • Archive
    • ARCHIVE
    • NEWS ROUND-UPS
  • Forum
  • Donate
  • Newsletter

© Skeptics Ltd.

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Please note: To be able to comment on our articles you'll need to be a registered donor

Already have an account?
Please click here to login Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
wpDiscuz
You are going to send email to

Move Comment