Evaluation of SwissCovid app

Own Analysis of SwissCovid The National Cyber Security Center (NCSC) organized a public security test of the SwissCovid app. The test "aims to provide full transparency". In response to...
by Jun 19, 2020





Possess Evaluation of SwissCovid


The National Cyber Security Heart (NCSC) organized a public safety take a look at
of the SwissCovid app.
The take a look at “targets to provide pudgy transparency”.

In accordance with the public take a look at, we equipped a document on June 5 which used to be
field to To blame Disclosure without a duration restrict.
A summary of our conclusions were rapid published by NCSC with out our
document.
On the opposite hand, our document were commented and even criticized in the clicking
on June 10 by SwissCovid representatives
(whereas we were restful forbidden to publish the document itself).

On June 16, we bought an authorization to publish by ourselves.
The NCSC dwelling lists many safety review experiences which would be rather
optimistic about SwissCovid.
It doesn’t checklist ours.
As a substitute, it comprises a “detailed diagnosis” by NCSC about out document.
We are in a disagreement with this diagnosis.

Because it appears to be rather clear that dialog is now no longer transparent,
we build right here our observations for the public.

The June 5 document used to be augmented with an addendum.
In summary, our observations are as follows.

  • Despite the truth that the availability code of the app is equipped, we are in a position to now no longer
    bring collectively it, flee it, and develop it work with out signing an settlement
    with Apple or Google.
    We enact now no longer get it well suited with the belief of beginning provide.
  • A vital fragment of the contact tracing protocol (which used to be in the beginning the
    DP3T protocol) is applied by Apple-Google in a fragment of the system
    called GAEN.
    This fragment has no accessible provide code although the law requires
    disclosure of the availability code of all parts of the system.
  • Some servers are hosted by Amazon, as fragment of a CDN provider.
  • The accessible records to doable users is unclear, incomplete,
    or unsuitable.
  • Customers is at possibility of be traced or identified by surveillance programs of
    third events whereas the expend of SwissCovid.
  • Identified users who document delight in a possibility to be identified by a third
    birthday party.
  • Third events would possibly possibly inject flawed that that you would possibly possibly imagine contamination signals on a
    goal phone or on a foremost team of goal telephones.
    This would consequence in making folks drag to quarantine with out being
    thought to be as at possibility.

To resolve GAEN having no accessible provide code although the law mandates
all parts to thrill in an accessible provide code, the Federal Council
issued an ordinance making an exhaustive checklist of parts which does
now no longer embody GAEN.
To account for such exclusion, SwissCovid promoters argue that GAEN is
fragment of the operating system of the phone, or most incessantly fragment of the
Bluetooth dialog interface of the phone, and that it’s no longer
frequent to require to expose the availability code of such parts.
We speak that GAEN is such a fragment of the phone, on the least on Android telephones.
GAEN is fragment of the Google Play Companies and products which would be just of the
operating system and of the dialog interfaces.
We would no doubt flee a pre-identical outdated version of SwissCovid on an Android
phone which had no Google Play Companies and products.
On the opposite hand, this phone had the Android operating system and must expend
Bluetooth.
Furthermore, many of the outdated DP3T protocol which used to be applied in
this pre-identical outdated version disappeared in the latest version of the app
since an identical protocol is now in GAEN.
We create that there just isn’t a founded technical justification for with the exception of
GAEN from the parts of the system.
We strongly mediate that the ordinance is a real trick to bypass the law
which is the final consequence of a disagreement between SwissCovid and
Apple-Google.
We bustle constitutional specialists to develop an review on the validity
of the ordinance.

We build right here the NCSC diagnosis on our document along with our delight in notes.
The summary of our remarks are as follows.

  • NCSC says that the outcomes of the public take a look at come in on
    the NCSC web dwelling.
    On the opposite hand, our document is now no longer there and we wonder if rather just a few experiences are
    lacking.
    We order that the public take a look at is now no longer as transparent as it aimed.
  • NCSC restful insinuates that GAEN is fragment of the operating system,
    which is now no longer the case.
  • NCSC claims that the expend of GAEN increased the privacy of the users.
    We strongly disagree with this commentary.
    Outsourcing a vital fragment of contact tracing to an opaque implementation,
    which is made accessible by a third birthday party,
    which used to be build in on up-to-date telephones with out the consent of the
    users,
    and
    which used to be now no longer field to an just audit
    can now no longer reinforce the privacy of anybody.
  • NCSC claims that GAEN is an interface and now no longer a protocol.
    We disagree with this commentary.
    GAEN implements a vital fragment of the contact tracing protocol, what outdated-normal
    to be the DP3T protocol.
    We quite take the app as being an interface between GAEN, the servers,
    and the user.
  • NCSC argues that Amazon webhosting some servers is harmless since the
    provider is handiest about distributing non-sensitive records.
    In rather just a few context, such inform has been confirmed to be corrupt.
    On the opposite hand, we now delight in got insufficient records to assess on the safety
    impact of this provider.
  • NCSC talked about lots of that that you would possibly possibly imagine assaults being identified and documented
    with out offering any reference.
    We are aware those assaults are now no longer new and we are in a position to now no longer imagine NCSC
    is unaware of those assaults.
    Our significant level is that users must be responsive to those assaults and
    records is now no longer with out problems accessible at the present.
  • NCSC states that “Customers can consistently turn off tracing if they’re in
    what they take into checklist to be a sensitive atmosphere”.
    We strongly accept as true with it but we mediate that users must learn about
    that that you would possibly possibly imagine assaults and to be reminded that they’ll turn off
    SwissCovid if they’re concerned.
  • NCSC argues that having apps scanning Bluetooth although the user
    turned off Bluetooth is now no longer a possibility for the user.
    That is unsuitable.
    Some apps (and even GAEN) would possibly possibly continue scanning
    (towards the user’s consent).
    They would possibly resolve the danger of an infection of the user with thresholds
    rather just a few than those from FOPH and additionally title the contacts of
    the user.
    For the time being, turning off Bluetooth scanning is subtle on telephones
    and this is identified as a privacy possibility.
  • NCSC claims that malicious apps are now no longer an dispute particular to
    SwissCovid.
    Our level is that SwissCovid adds a threat that malicious apps can
    exploit.

Our references:

Excellent references (in French):

Other references:


Last update: June 19, 2020.

Be taught More

Categories
Internet of Things

by - Jun 19, 2020

by - Jun 20, 2020
No Comment

Leave a Reply

RELATED BY