CoviD-19: Focusing computer security research on Bluetooth
Today Bluetooth is at the heart of many debates.
Who would have thought that a few months ago. A technology that there is underneath may have-been and is now at the heart of a technology that is being developed to contain the progression of the virus.
This article will also interest you: Mobile tracking: Bluetooth and its vulnerabilities, always at the heart of the debates
According to experts, not least, this technology has several vulnerabilities to be used in this context. That's why Niels Schweisshelm, the technical program director at US firm HackerOne, recommends that developers focus on the security of this technology. In a similar vein, VMware Carbon Black's head of cybersecurity strategy, Tom Kellermann, also stressed the importance of testing contact search software on a regular basis for early vulnerability detection, which will facilitate the release of security patches quickly against critical vulnerabilities. He stressed that these applications should be configured to receive updates automatically. It will then advise users, in a preventive context, to activate Bluetooth only when leaving their homes, to avoid that is not active at all times. While effectively limiting the parameters to locate.
In addition, who talks about security also talk about the management of the data that will be collected. Indeed, "Any personally collected information must be properly stored and encrypted," says Stas Protassov, even if for him, the data should not be stored at all. But failing that, several precautions must be taken to avoid any massive data leakage. For the president of Acronis, the rulers must follow the example of Singapore. Require more transparency in the management and collection of data in this type of application, while having a clear and clear view of how the data is collected, who has access to it and of course how it is stored, especially how the issue of identifying the people involved works. GovTech, a national agency describes how one of its applications works, contact tracing: "It creates a temporary identifier that is generated by encrypting the user's ID with a private key, which is held by the Ministry of Health. The temporary ID is then exchanged with nearby phones and renewed regularly, making it difficult to identify or link the temporary ID to the user. (…) Your phone will store temporary identifiers of nearby phones, as well as information about the model of the nearby phone, the power of the Bluetooth signal and the time. All this information is stored locally on your phone, and is not sent to the Ministry of Health unless your contact is traced."
furthermore. For some specialists, such as Zulfikar Ramzan, technical director of the RSA, Bluetooth is not as vulnerable as is said. Indeed, he believes that this technology has matured enough and is fairly reliable than many recent protocols. But that doesn't rule out the fact that users have to constantly insure their smartphones are constantly updated and that vendors are doing enough to improve the security of their device, because no computer system is sufficiently protected to avoid any computer attacks. However, for the latter, Bluetooth is totally preferable to certain technologies such as GPS, because it does not require certain information such as geographic positioning in order to function properly. "From a privacy perspective, it is desirable to set up contact tracing applications that collect the minimum amount of information needed to determine if two people are in contact with each other. To do this, it is not necessary to collect accurate information about the location, but rather to determine whether two people are in the same place," he concluded.
The expert does not fail to raise the issue of privacy. For, data collection also says that some of the fundamental rights of users are at risk: "Today we are living in a golden age of surveillance where our actions leave behind small digital pebbles. By correlating the data collected by contact tracing applications with other surveillance data, the level of privacy exposure can increase dramatically," he says. That's why the Asia Pacific technical director at cybersecurity firm Checkpoint said users should ask themselves several questions before downloading a tracking app: "I would also like to know what other applications or permissions this application has access to. Some kind of official statement that personal data is protected will be required before I download and use these applications."
Now access an unlimited number of passwords: