Comments (6)
I agree. A friend of mine has recently been diagnosed with COVID-19. He ended his quarantine without receiving his code. Having been in close contact with him, I went into self-imposed and later cantonal quarantine (also slow as fuck, wtf?).
I am ending my 10 day quarantine in 2 days, he probably won't have his code by then. What the hell is the purpose of this app if the central authorities do not send these codes fast enough? This is not the fault of this app but rather of the central authorities, really disappointing. As there are no feedback channels to doctors and labs, I have to post this here.
from swisscovid-app-android.
Apparently this is still a problem, any contributor willing to take this issue? https://twitter.com/BergerWthur/status/1314522636869947394?s=19
from swisscovid-app-android.
Scenario 1:
Attacker create a beacon emitting a strong signal in multiple locations preferably in a crowed area. The beacon sends out dp3t signals which are captured by a large number of phones using Swisscovid. Few days later, attacker enter a self declared infection that generates an alert for a large amount of individuals, all false positives. This can have an impact on testing facilities and create some panic.
Scenario 2:
Attacker uses a dedicated phone, with Swisscovid installed and running. Attacker meet or stay close of victim enough (15mn). Then attacker enter fake alert (self declared infection) and forces victim to go into quarantine.
I am sure there are other possible scenarios. I believe this is a bad idea that can be easily exploited.
from swisscovid-app-android.
While valid scenarios, imo highly unlikely to actually occur. Such an exploit is usually difficult to make and therefore usually underlined by some personal benefits (money, personal vendetta, or other). There is no gain for a certain person by performing such a scenario and therefore unlikely to occur.
On the other hand, the app as it is NOW is completely useless. Either you allow self declaration or you force the labs to send these codes and sanction those who do not. But something has to be done, as this app was proclaimed to be a central to the contact tracing
from swisscovid-app-android.
@rachyandco, of course, the scenarios you describe are possible. However, given that currently, not even an exposure that has been confirmed with a code is actually forcing people into quarantine a self-declared notification would do so far less.
It would be a new feature of the app to notify everybody you have been close with about a possible infection or a confirmed infection for which no code is available yet. It would be up to the recipients to decide what to do with this information, I highly doubt this would create panic. Also, when it comes to COVID, complacency has been been a far greater threat than the alleged panic response.
Similar attack scenarios are also possible with the code. One could for instance proxy the dp3t signals from several crowded clubs to a retirement home. Chances are that one of the clubbers will eventually enter a code, for the residents such a notification would be indistinguishable from an actual exposure.
from swisscovid-app-android.
With the new test strategy this issue is getting more important. Additional it would be useful if the measured distance and time required for creating a warning can be reduced my the user. (See also https://www.srf.ch/news/schweiz/gratis-selbst-tests-fuer-alle-die-testoffensive-kommt-ein-hoffnungsvoller-tag ) Should I create a separate issue for this?
from swisscovid-app-android.
Related Issues (20)
- Bluetooth dependent applications don't work when the app is running HOT 2
- English language and consistency errors in GUI HOT 1
- Explain Copyrights given to Ubique HOT 2
- No message, if the device does not support ble transmission. HOT 4
- Huawei P40 Pro HOT 1
- App only works, when phone is active (screen on) HOT 6
- There were several issues for active tracking using device OPPO Reno HOT 6
- Not up-to-date call to action HOT 1
- Message "Kein aktuellen Daten" HOT 1
- Calculate a premium amount if code is entered within a short time period
- Drop-in replacement for Google Play API exposure notification HOT 2
- EXPOSURE_NOTIFICATION_API is not avalibale on this device
- Unexpected Inoperable file IOException HOT 1
- No current data with version 1.4.1, 2.1.0 HOT 4
- app sys "Keine aktuellen Daten" HOT 8
- Translation spelling fixes (fr)
- App crashes on startup
- keine aktuellen Daten (RTSENCANCEL) 1.5.0/2.2.0 HOT 4
- AGAEN10.-2 error on GrapheneOS HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from swisscovid-app-android.