South Korea self-isolation app security flaws exposed user data

South Korea’s self-isolation app that monitors people in quarantine contained a serious security flaw that would allow hackers to access names and locations of users

  • South Korea’s quarantine app contained multiple serious security flaws 
  • It left personal data like name, real-time location, and phone number vulnerable
  • The flaw has reportedly been fixed and there are no known cases of it being exploited
  • The country’s self-isolation app was downloaded 162,000 times 

A government app used by South Korea to monitor at-home quarantines was found to contain a serious security flaw.

According to a report from The New York Times, the self-isolation app, which was a major component of the country’s plan to drastically reduce the number of cases effectively and quickly, exposed users’ names, phone numbers, medical symptoms, and their real-time location data.

Software engineer, Frédéric Rechtenstein, who lives in Seoul, came across the flaws after using the app during his own isolation period.

South Korea’s home isolation app was found to contain two serious security flaws that exposed personal information of users like phone number, name, and medical symptoms (stock)

Rechtenstein found that the app was assigning users easily guessable ID numbers meaning that hackers could easily figure out a user’s credentials and use it to access their data. 

The app also used an insecure from of encryption that with a code written directly into the app. Additionally, that code followed a simple, easy-to-guess pattern which was ‘1234567890123456.’

With that access, hackers would have also been able to make it appear as though a user was breaking isolation rules by making unauthorized trips outside their homes. 

A new update has reportedly rectified the security flaws in the app, which has 162,000 downloads, and government officials have since apologized for the security lapse. 

A The oversight was a product of the speedy rollout according to government officials interviewed by The Times.

‘We were really in a hurry to make and deploy this app as quickly as possible to help slow down the spread of the virus,’ Jung Chan-hyun, an official at the Ministry of the Interior and Safety’s disaster response division told The Times. 

‘We could not afford a time-consuming security check on the app that would delay its deployment.’

There’s currently no evidence that the flaws were exploited according to The Times.