Digital tracing and Covid-19: the risk of cyber-malveillance to be taken into account
Since the idea of creating a traceability solution for people infected with coronavirus was floated, the problem of computer security has automatically arisen.
Indeed, one wonders if there is a beautiful and a possibility that these traceability solutions could interest cybercriminals to the point of making it a preferred target. When asked about this, Gérôme Billois, an IT security expert at Wavestone, a cybersecurity firm, said: "Depending on how digital tracking systems are going to be implemented, we can create mega databases linked to people. Some information will be needed to prevent people with whom an individual tested positive for Covid-19 was contacted in the days before his screening: phone number, email…. Depending on the technology chosen, these databases can also brew location data or so-called proximity information.
This artivle will also interest you: A tracking system launched in concert by Google and Apple
In any case, the concentration of this personal data is sufficient to attract cyber criminals. And even if these applications are managed at the state level, it won't stop a motivated cybercriminal. ». But with the certainties that hackers are attracted to this kind of system, we must not overlook the fact that very important data will pass through and can be easily collected. Data that in the eyes of cyber criminals can be worth a fortune. "When it comes to medical data, the impact on people is much stronger. In addition to his contacts, if a hacker has information that a person is sick or not, he can carry out a massive fraud with more chance of deceiving his victims. Many scenarios can be imagined to exploit this type of data. Just by posing as a health care provider, he would then send an email to sick people offering them treatment as a priority, while requiring a credit card number to validate their identity. In such a situation, the most vulnerable people would fall into the trap. points out Gérôme Billois.
Seen in this regard, it is clear that the danger is real. Hackers usually go where they can assign and/or steal as much digital data as possible. and setting up this kind of system is literally a godsend for them. And it seems to be a reality when the security systems promised for these tools are supposed to reassure the general public. However, "Regardless of the architecture of the chosen service, there is almost always a need for a central data collection point. To alert people, you need to have minimal contact data like the phone. Sensitivity and exposure to cyberattacks will be reduced if the amount of information in this central base is limited. The Wavestone expert explained. In other words, to allow for a safe framework in the use of traceability tools as described, the solution would be to minimize the concentration of personal data that will be useful for the functioning of processes. This seems obviously difficult to achieve.
In addition, the computer security expert pointed out that one of the major risks to this traceability issue remains false applications. Because if the goal of hackers is to recover user data, putting into circulation dummy applications, would be one of the most effective ways. One can simply draw on the example of the false websites requesting permission to circulate that proliferated at the beginning of the confinement to confirm this thesis. "Cybercriminals use all major events that mobilize the population. If the government launches a digital traceability application, you can be sure that fraudulent sites and phishing campaigns will appear to either usurp the official application or to tout the merits of a supposedly more effective application. And unfortunately the most gullible will click on the fraudulent links. ».
In other words, this issue must be taken very seriously. It is to be hoped that the authorities who plan to set up such a system will also put the necessary means to ensure the safety of users.
Now access an unlimited number of passwords: