StopCoviD: a safer app than social networks
We remember that last week the French authorities of the Institute of Computer Research (lNRIA) and the National Agency for Security of Information Systems had set up a bug bounty campaign in collaboration with the French company Yes WE Hack.
The goal of this collaboration was to find the maximum vulnerability on StopCoviD, and then find a way to fill them. In a comment on the issue, F5 Networks technical director Arnaud Lemaire recalled: "An application is developed by humans" as a result, "there are inevitably errors." As if to justify the perfect application fact devoid of any bugs, vulnerabilities do not exist.
This article will also interest you: StopCoviD: The application put to the test of hackers
However, with regard to StopCoviD, a tracing application initiated by the French government in addition to facilitating progressive deconfinement without having to undergo a new wave of coronavirus contamination, the experts in charge of the project are reassuring, and also reassure in passing. Indeed, Guillaume Vassault-Houlière, the boss of the firm specializing in security solutions, noted that the task of hacking the application at the moment is proving to be a very difficult one. For it is "a fairly mature platform that has already benefited from the recommendations of Anssi"." But of course, he does not deny the possibility that this is possible. "Specialized hackers always manage to find tricks, which can be benign as they can be very big. He adds.
Tested by the start-up Pradeo, a Montpellier-based company specializing in smartphone application security, Pradeo co-founder Clément Saad says that when it was about StopCoviD, there was no fear of "no unsecured connection." Although it is quite criticized in the it security sector and elsewhere, this does not prevent some experts from concluding about it, very positive analyses.
For now, we are waiting for its publication on the App store that Apple is the Google PlayStore. But the report of Pradeo's experts is quite conclusive and reassuring with regard to the tracing application. They note that: "The application is limited to the transmission of information collected by Bluetooth and respects the principles of privacy. ». According to this analysis by the cybersecurity firm, the French mobile tracking application would be in first place, tied with that of Germany, in the ranking of 30 applications developed by the states for mobile tracking, as part of the coronavirus constituency. This ranking was published by the same Montpellier firm and is still available on their website. The co-founder of the cybersecurity firm for mobile applications confirmed this ranking and said in a commentary: "Our proprietary tools have very quickly allowed us to reveal that it is meeting the state's commitments on computer security and respect for personal data." In this context, the analysis found conclusive approach: "The application does not make unsecured connections." This automatically eliminates the assumption that a malicious program could be installed on the user smartphone without its knowledge and via the tracking application. Moreover, the application to a particular feature, it does not "request and send any data of a personal nature" highlighted Clement Saad
Moreover, from the beginning of the project, the application has been criticized several times for being a solution for the government, to initiate a personal tracking of the smartphone of future users, even though the stated objective of the project was to simply inform anyone who installed it on his smartphone, about these interactions and if the latter had been in contact with a potential contaminated with coronavirus disease. In this approach, the cybersecurity firm means that "GPS is not used at any time" thus making traking impossible as described by the app's detractors. In addition, at no time does StopCovid access or attempt to access the personal data stored on the phone's memory. "Beyond the technical complexity, which was not huge, the political stakes in StopCovid's security were so high that things were well done. ». Commenting on the criticism of the mobile tracking app, Clément Saad concluded: "It annoys me a little when I see elected officials criticize the app only because they are in opposition, when all the policies are on social networks. StopCovid seems to me much less dangerous to install than google, Facebook or Twitter apps, not to mention real personal data vacuum cleaners, such as TikTok or Snapchat. ».
Now access an unlimited number of passwords: