ToorCamp 2022

COVID-19 Tracing Apps: The Proliferation of Rushed Development
2022-07-14, 12:00–12:50 (US/Pacific), Prime Dome

The COVID-19 outbreak made 2020 an unprecedented year, bringing with it a slew of cybersecurity concerns. With the increase of COVID-19 cases crippling healthcare providers across the globe, tracking and containing the outbreak became a top priority. Countries scrambled to develop contact tracing applications and rushed their development, prioritizing application functionality over security. Driven by skepticism that rushed applications truly possess robust security controls, we were motivated to expose weaknesses present in contact tracing applications. Our talk will discuss the testing conducted on contact-tracing applications, including our discoveries. Then, we will run through the implications of rushed development, including its causes and effects. Finally, we will conclude with solutions that could mitigate and prevent security risks associated with accelerated application development.

Aleks Frelas is the Director of a Penetration Testing program, focusing on web application penetration testing, social engineering, and anything aviation security related.