Qatar Demonstrates Danger of Contact Tracing Apps

A major security vulnerability left Qatari citizens open to having highly sensitive, personal information stolen.

Qatar is one of the many countries that have rolled out a contact tracing app. Contact tracing is widely considered to be one of the keys to getting a handle on the coronavirus pandemic. Unfortunately, there is tremendous potential for an app to be abused, or for poor security to open users up to hackers and scammers. For example, North Dakota’s Care19 app was recently discovered to be sharing location data with Foursquare.

Qatar’s app is now the latest to have an issue, with Amnesty International’s Security Lab discovering a serious vulnerability that “would have allowed cyber attackers to access highly sensitive personal information, including the name, national ID, health status and location data of more than one million users.”

To make matters worse, the Qatari contact tracing app is mandatory for the country’s citizens, ensuring virtually everyone was at risk. Amnesty International informed the authorities of the vulnerability on May 21, and they released a fix the very next day.

“While the Qatari authorities were quick to fix this issue, it was a huge security weakness and a fundamental flaw in Qatar’s contact tracing app that malicious attackers could have easily exploited. This vulnerability was especially worrying given use of the EHTERAZ app was made mandatory last Friday,” said Claudio Guarnieri, Head of Amnesty International’s Security Lab.

“This incident should act as a warning to governments around the world rushing out contact tracing apps that are too often poorly designed and lack privacy safeguards. If technology is to play an effective role in tackling the virus, people need to have confidence that contact tracing apps will protect their privacy and other human rights.”

Hopefully governments around the world will take note of Qatar’s example and work hard to protect their citizens’ privacy.