Hackers can easily steal passport photos from vulnerable UK Brexit app, report claims

The UK Home Office’s “EU Exit: ID Document Check” application, which allows citizens and their families to apply for the EU Settlement Scheme, is vulnerable to hacking.

This is according to a report by Norwegian cybersecurity company Promon, which specializes in securing apps from hacking attacks.

According to the report, the Brexit app (as it's commonly called) "lacks functionality that prevents malware from reading and stealing sensitive information provided by users, including passport details and photo IDs." Basically the app's not resilient enough to hackers adding malicious elements to it, repackaging it, redistributing it, or injecting malicious code while the app is running.

Promon claims hacking the app could be done by someone with limited technical skills, using commonly available tools.

The researchers point out that they didn't reveal a specific vulnerability; their assessment is based on the app's general lack of resilience against common attacks. They also focused on the Android version of the app; the app is also available on iOS.

The Android version of the Brexit app has been downloaded more than a million times. It asks users to give up sensitive information, including scanning their passports and photographing their faces.

The Financial Times, which first highlighted the issues raised in Promon's report, spoke to a Home Office spokesperson, who said the app is "regularly tested by independent security firms against all known and emerging threats and adheres to industry best practice on security, performance and accessibility."

According to the spokesperson, "over a million people have used the app safely."