Hackers can easily steal passport photos from vulnerable UK Brexit app, report claims
时间:2024-09-22 09:26:36 出处:资讯阅读(143)
The UK Home Office’s “EU Exit: ID Document Check” application, which allows citizens and their families to apply for the EU Settlement Scheme, is vulnerable to hacking.
This is according to a report by Norwegian cybersecurity company Promon, which specializes in securing apps from hacking attacks.
According to the report, the Brexit app (as it's commonly called) "lacks functionality that prevents malware from reading and stealing sensitive information provided by users, including passport details and photo IDs." Basically the app's not resilient enough to hackers adding malicious elements to it, repackaging it, redistributing it, or injecting malicious code while the app is running.
Promon claims hacking the app could be done by someone with limited technical skills, using commonly available tools.
The researchers point out that they didn't reveal a specific vulnerability; their assessment is based on the app's general lack of resilience against common attacks. They also focused on the Android version of the app; the app is also available on iOS.
The Android version of the Brexit app has been downloaded more than a million times. It asks users to give up sensitive information, including scanning their passports and photographing their faces.
SEE ALSO:Chinese hackers infect carriers to steal SMS messagesThe Financial Times, which first highlighted the issues raised in Promon's report, spoke to a Home Office spokesperson, who said the app is "regularly tested by independent security firms against all known and emerging threats and adheres to industry best practice on security, performance and accessibility."
According to the spokesperson, "over a million people have used the app safely."
猜你喜欢
- 50 Years Later: The Revolutionary 8008 Microprocessor
- Twilio hack results in security issue for 1,900 Signal users
- 维护金融消费安全 构建和谐金融环境
- Researcher hacks into Elon Musk's Starlink system using $25 homemade device
- 13 Astronomical Clocks Connecting Time And Space
- Twitter will only show verified accounts on its 'For You' page
- Military decides not to view homosexual intercourse as harrassment
- 30 Years of Civilization
- Carbon neutrality law violates basic rights: Constitutional Court