Brexit App Lacks Basic Security

The General Election is only a fortnight away, yet Brexit is still something that the political parties either want to see done or not. 

The Home Office released an app called EU Exit: ID Document Check, but Norwegian security firm Promon, discovered that the app was lacking in basic security checks, potentially exposing passport and biometric information of over one million users. 

A spokesperson for Promon, said:  

Attackers may modify or add malicious elements to the app, repackage and re-distribute the app, without the app noticing such changes or foreign elements. 

“The app is [also] not resilient against code being injected while the app is running, allowing hijacking the app from the inside, by the use of basic and widely spread tools. 

During the Promon’s testing, it found that the app fell short of OWSAP best practices, by lacking functionality to prevent malware, being unable to detect if an attack is using debugging tools in runtime and is vulnerable to even basic spyware which is designed to harvest text entered into the app. 

Promon CTO Tom Lysemose Hansen said:  

“At this time of political uncertainty, the last thing that people who are applying to remain in the United Kingdom need, or expect, are concerns around whether their passport information and photo IDs are being stolen by hackers. 

“As the app will continue to grow in popularity and demand with more people fearful of what will happen to them if the UK does leave [the EU], it means that it will become increasingly attractive to attackers, with the potential subsequent fallout devastating.”