Israeli Government’s CoronaApp Exposed Users' Medical History to Hackers

Ran Bar-Zik
Workers at Ben-Gurion Airport wear protective masks, February 25, 2020. Credit: Ofer Vaknin

A major security flaw that allowed hackers to extract confidential medical information of some 75,000 Israeli users was discovered in the Health Ministry’s CoronApp, intended to provide information about coronavirus and allow users to consult with experts and report their quarantine.

According to the Health Ministry, there was no hostile breach of the app’s database and the bug has since been fixed.

Users who installed the CoronaApp were required to enter personal details including history of illnesses. Many users also gave their email addresses so they could receive updates.


Security researcher Dudi Kretchmer discovered that a critical security flaw allowed anyone using a common hacking tool to access all user records, and even to hack users' accounts and act on their behalf.

The app was also stored on a three-year-old server that has several documented security breaches, meaning it could have easily been used by hostile parties to sabotage the application itself.

A report was immediately sent to the National Cyber Security Authority, which responded swiftly.

“From the moment the journalist pointed out the problem to us, the company’s developer and the best cybersecurity experts immediately and quickly worked to locate and resolve the problem,” the Health Ministry commented. “It should be stressed that according to an examination by hired experts and as far as we know, there was no breach and no personal information was leaked.”
