The U.K.’s National Health Service (NHS) is all set to launch an NHSX contact-tracing app based on similar implementations in China and India. However, like the concerns raised in these countries, 48% of the U.K.’s citizens showed distrust in the government’s latest technological adoption. As per a survey conducted by Censuswide on behalf of Anomali, the citizens fear that their personal data might be at risk as cybercriminals may take advantage of it.
Due to the coronavirus pandemic, the app has been developed in very compressed timelines and like every development, compromises were made in the name of timeliness.
The NHS started the NHSX app trials on May 4, 2020, and subsequently released the beta application code for review. The NHS said, “Due to the coronavirus pandemic, the app has been developed in very compressed timelines and like every development, compromises were made in the name of timeliness. Hence, the intent of being open before a national launch was to show what and how the app will do, and to get some peer review from security and privacy researchers.”
Thus, a stringent timeline and overlooked issues made citizens fear the consequences. However, the NHS clarified that the contact-tracing app is designed to slow the spread of Coronavirus whilst protecting users’ privacy. It will not ask or collect any personal information such as name or email address. As an additional security perimeter, the NHS states that all users are assigned a random and unique installation ID. It will securely store only the first part of the postal code, your installation ID, and the registered mobile phone’s make and model.
Other findings of the survey include:
- Around 43% of respondents feared that cybercriminals would take this opportunity to send smishing messages or phishing emails.
- Yet, only half (52%) of them felt they could differentiate between a legit email or text message and a phishing/smishing message.
- 33% of the respondents also fear that the government could use this app to track their movements.
- While 36% believe that the government could secretly collect data on them through this app.
The general consensus is that although all the privacy and security perimeters are in place, cybercriminals will most likely target the contact-tracing app and also exploit and manipulate Bluetooth vulnerabilities since the app uses a Bluetooth signal to keep track of any possible COVID-19 patients in the immediate vicinity by transmitting an anonymous ID. These worries can be understood due to the surge in the COVID-19 pandemic-themed cyberattacks and phishing emails posing as health advisories and government notices.