14/Nov/2019
According to the Financial Times, a smartphone app developed by the Home Office to help European citizens apply to live and work in the UK after Brexit has serious vulnerabilities. Researchers have found that the flaws in the app could allow hackers to steal phone numbers, addresses and passport details. To date more than 1m out of the estimated 3.5m EU citizens living in the UK have downloaded the EU Exit: ID Document Check app for Android smartphones.
As the FT reports: the app was introduced earlier this year to replace a notoriously bureaucratic 85-page application for UK residency. The app allows users to submit photographs of their passports to the Home Office and checks whether the documents are valid by reading the biometric chips that are now standard in EU passports. Users also type in their names, addresses and telephone numbers, and have to prove their identity using facial recognition technology from iProov.
According to the news article, researchers at Promon, a Norwegian cybersecurity company, found major loopholes that allowed them to take control of the app and access any information that was entered into it, including the facial scans and images of passport pages. They were also able to see information being typed into the app, such as usernames, passwords and other details, and were able to alter information being entered.
Find out more via the link (subscription may be required).
