A major security flaw that allowed hackers to extract confidential medical information of some 75,000 Israeli users was discovered in the Health Ministry’s CoronApp, intended to provide information about coronavirus and allow users to consult with experts and report their quarantine.
According to the Health Ministry, there was no hostile breach of the app’s database and the bug has since been fixed.
Users who installed the CoronApp were required to enter personal details, including their history of illnesses. Many users also gave their email addresses so they could receive updates.
Security researcher Dudi Kretchmer discovered that a critical security flaw allowed anyone who used a common hacking tool to access all user records, and even hack their accounts and act on their behalf.
The app was also hosted on a three-year-old server that has several documented security vulnerabilities, meaning it could have easily been used by hostile parties to sabotage the application itself.
A report was immediately sent to the National Cyber Security Authority, which responded swiftly.
“From the moment the journalist pointed out the problem to us, the company’s developer and the best cybersecurity experts immediately and quickly worked to locate and resolve the problem,” the Health Ministry commented. “It should be stressed that according to an examination by hired experts and as far as we know, there was no breach and no personal information was leaked.”