Security flaws found in NHS contact-tracing app

A Covid-19 contact-tracing app being tested in the Isle of Wight has security flaws that could lead to privacy risks, according to researchers. The researchers called for new legal protections to stop data being used for anything other than identifying those at risk of being infected and proposed a shift from the NHS’s current “centralised” model to a “decentralised” model. Weaknesses included registering process issues, which could enable attackers to steal encryption keys. Unencrypted data on handsets could also be used by law enforcement to determine when people met. The NHS’s digital innovation branch sought to justify some of the risks.