Coronavirus crisis: COVIDSafe users should update for safety, says technology expert
Tech experts are urging Australians to not just download but update the coronavirus contact tracing app to avoid a problem where it could be disabled.
Software developer Richard Nelson found a flaw in COVIDSafe that would allow someone with a relatively simple Bluetooth device to crash the app running on phones in the vicinity.
That would mean they weren’t picking up the “handshakes” with other phones and so the data wouldn’t exist for health officials if the user came down with coronavirus.
“If you went into a busy area - a popular restaurant or pub or bar or something like that - it would disable contact tracing for all of the iPhones in that area,” Mr Nelson told AAP.
“You could potentially imagine people organising groups to go around and put little devices in areas that would disable it long-term.”
He couldn’t imagine why anyone would want to do that, but said last weekend’s Melbourne protest over coronavirus lockdown restrictions showed there were “misguided groups” around.
“You see people with ideas around 5G causing coronavirus and they might want to disable the app for misguided activist reasons,” he said.
While the problem didn’t appear to have wider security implications, Mr Nelson said any fixable issue should be fixed.
The government released an update for COVIDSafe on Thursday that fixes the problem but people need to manually install it.
It’s also believed the update increases the reliability of the app when it is used in the background of an iPhone.
More than 5.7 million people have downloaded the software but authorities have called for more.
“The only way the disease detectives can really use the COVIDSafe app is if it is on the phone of the person who is diagnosed with COVID. If it’s not on their phone, COVIDSafe can’t be used,” deputy chief medical officer Nick Coatsworth said.
Parliament on Thursday passed beefed-up privacy protections for the app.
Those accessing the data without authorisation or forcing others to sign up will face up to five years’ jail and fines of $63,000.