Contact tracing app security flaws

The CEO of a British technology company has warned the government of potential serious flaws in the security of personal information and data used in the new contact tracing app technology that was announced by Matt Hancock.

Manchester inventor and innovator Louis-James Davis stated that the use of QR code scanning technology, which underpins the government contact tracing app, is flawed because its reliance and use of QR codes means it can be subject to a process called ‘Attagging’ or cloning. 

Attagging is where a genuine QR code is replaced by a cloned QR code, which then redirects the person scanning that code to a similar website where personal data can be intercepted and breached. The problem is that serious that in India alone there are over a billion fraudulent financial transactions each day using QR codes. As the scanning user journey is the same, it is only tech-savvy individuals who may notice the domain name has changed.

The Manchester-based VST Enterprises (VSTE) has developed an ultra-secure digital health passport and contact tracing app technology that does not use QR codes but instead uses a closed loop, ultra-secure code called VCode, which it has invented and which is currently being used by the United Nations SDG Projects. The system uses closed-loop technology with end-to-end encryption and contains over 2.2 quintillion variations of code.