Home Office app for EU citizens easy to hack- Comment

Reports have surfaced stating that a smartphone app developed by the Home Office to help European citizens apply to live and work in the UK after Brexit has serious vulnerabilities that could allow hackers to steal phone numbers, addresses and passport details, according to researchers. So far more than 1m out of the estimated 3.5m EU citizens living in the UK have downloaded the EU Exit: ID Document Check app for Android smartphones.

Jonathan Knudsen, senior security strategist at Synopsys, commented “Anyone can stack one rock on top of another, which is fine if you want to make a pile of rocks. If you want to build a bridge, or a cathedral, you need more skills, better planning, and knowledge of physics, trigonometry, and materials. Similarly, anyone can write software. Making software that is secure and resilient (as all software should be) requires more skills, better planning, and more knowledge than just writing code in a text editor.

The cornerstone of real software engineering is a Secure Development Life Cycle, in which security is a primary consideration at every phase of design and implementation. Coupled with more testing and better testing, the SDLC is a process that helps organizations produce software that is safer, more secure, and more robust.

 

The Home Office’s intention to replace a cumbersome paper application with a smartphone app is laudatory, but the implementation has fallen short. Perhaps a top-to-bottom security-forward reworking of this app would produce both the desired functionality as well as the necessary safety and security for such a sensitive app.”

 

(34)

Share