NHSX COVID-19 tracing app brings cyber security concerns
Half (48%) of the UK public surveyed about the NHSX COVID-19 tracing app do not trust the UK government to keep their information safe from hackers. This is according to a study carried out by Censuswide on behalf of Anomali.
The nation-wide survey examined consumer attitudes to the proposed tracing app, particularly their confidence and wider trust in the government to appropriately and justly handle the data collected for the scheme.
Other major findings from the report include:
- Around 43% of respondents were concerned that the app would give cyber criminals the opportunity to send smishing messages or phishing emails.
- Yet, only half (52%) felt they were savvy enough to differentiate between a legitimate email or text message and a phishing/smishing message.
- A further third of respondents (33%) are concerned that the app might allow the government to track their whereabouts.
- Over a third of respondents (36%) are concerned that the app might allow the government to collect data on them.
According to the NHS website: “Contact tracing is a tried and tested method used to slow down the spread of infectious diseases. The NHS COVID-19 App automates the process of contact tracing. Its goal is to reduce the transmission of the virus by alerting people who may have been exposed to the infection so they can take action to protect themselves, the people they care about and the NHS.”
The first phase of the initiative was piloted in the Isle of Wight earlier this month for testing before proposing a national launch. This study set out to gauge the trade-off between privacy and the ‘greater good’ and what people’s comfort levels are when it comes to the government tracking them. Though many demonstrated concerns over the government tracking them via the app and even more respondents unsure about the government being able to keep their information safe from hackers, there was also apprehension about being targeted by opportunistic cybercriminals; and rightly so.
“At this stage, nobody knows where to get the NHSX app from, so it can be reasonably expected that consumers will be faced with floods of emails with bogus links to convincing looking domains to download the app from,” said Jamie Stone, Head of EMEA at Anomali.
Stone explained that the link will simply be a web page that will ask people for more personal information than the genuine app and the information could be used in future attacks against the individual. Stone also warned over an increase in people being targeted by mobile phone communications.
“There is also the danger of smishing attacks; similar to a phishing attack, but the phish is done via SMS message,” Stone added. “Due to the smaller screen real estate, people will be less able to check the veracity of the link so will be more trusting and might click it.”
With thousands more domain registries for COVID-19 noted by Anomali over the past few months, the public will have to be extra vigilant when it comes to what they download or click.
“It’s tough to predict the increase in the volume of attacks we’ll see. However, we’re already seeing thousands of rogue and spoof COVID-19 domains being registered and used in attacks,” Stone continued. “Global interest around the virus, and each nation’s track-and-trace apps, means that attackers will likely use many of these domains to host phishing attacks via both email and SMS. People using COVID tracking apps need to be extremely vigilant and aware, ensuring that they’ve installed official government apps and that they are interacting with authentic messages from the agencies.”
The survey was carried out between 7th and 11th May by Censuswide among 1,000 UK consumers.