Amber refutes claim of second JamCOVID vulnerability
Dushyant Savadia, the founder and chief executive officer of the Amber Group, is describing recent reports alleging a second vulnerability on the JamCOVID website as "deeply concerning."
"Amber remains very concerned about certain reports being published in the mainstream and referenced on social media platforms, which are seemingly defamatory. In this regard, the company is currently consulting with its legal team," said Savadia.
United States-based newspaper TechCrunch on Monday claimed that a researcher found that a file was left on the server which reportedly exposed passwords to access backend systems such as databases and mail servers which are connected to the JamCOVID-19 application.
Savadia explained that the exposed environmental (.env) file being described as a vulnerability is one that contained expired information, along with links that had been previously made redundant.
"These files do not contain any personal information from JamCOVID-19 users nor do they enable access to such information. Login information to our applications and websites is further protected with multi-factor authentication to prevent access. If you take a closer look at the file that was referenced, you would have seen that the database URL and credentials were already rectified last week," he added.
The researcher was not named as there is now fear that the Jamaica Government could go after the whistleblowers exposing the security flaws.
It had been discovered that a server hosting aspects of the application was left unprotected and its content could be publicly accessed.
"Amber continues to work to mitigate against continued cyber-attacks, hacking and mischievous players seeking to disrupt and interfere, including these occurrences, with a system designed to facilitate safe re-entry into our borders," Savadia said.
Amber noted that the JamCOVID-19 system was developed to meet an urgent need to facilitate controlled re-entry to Jamaica.
“Amber stands behind its work and contributions to Jamaica in the fight against the pandemic. We continue to cooperate fully with the investigation by the authorities,” Savadia added.
Follow The Gleaner on Twitter and Instagram @JamaicaGleaner and on Facebook @GleanerJamaica. Send us a message on WhatsApp at 1-876-499-0169 or email us at email@example.com or firstname.lastname@example.org.