Another alleged JAMCOVID security flaw uncovered
Another alleged security flaw associated with the JAMCOVID application has reportedly been uncovered just days after its developer, Amber Group, sought to reassure that the application is safe.
TechCrunch, a United States-based newspaper, on Monday claimed that a researcher found that a file was left on the server which reportedly exposed passwords to access backend systems such as databases and mail servers which are connected to the JAMCOVID-19 application.
The researcher was not named as there is now fear that the Jamaica Government could go after the whistleblowers exposing the security flaws.
It had been discovered that a server hosting aspects of the application was left unprotected and its content could be publicly accessed.
It had been reported that hundreds of thousands of records might have been compromised although Government Minister Matthew Samuda claimed that just under 700 persons’ records might have been exposed.
The Government said it contacted those whose data might have been exposed.
Along with providing information on COVID-19, the JAMCOVID application allows users to enter personal data, including medical records, before they are given approval to enter Jamaica.
The application is also used to track the movement of those placed in quarantine.
Last week, the Ministry of National Security, smarting from the embarrassing ordeal which had placed the spotlight on the security of the application, said it had opened a criminal probe into the matter although it has shed very little details on its ongoing investigation.
It is understood that Amber Group’s chief executive Dushyant Savadia was made aware of the second security flaw today and the issue was rectified shortly after.
Up to late last week, Savadia had strongly defended the integrity of the Amber Group and the application which was gifted to the Government.
“We are confident this was a completely isolated occurrence,” the group said in a statement to The Gleaner.
The new security flaw brings into question declarations last week by the firm Escala 24×7 inc that there was no current vulnerability with the JAMCOVID-19 application.
Savadia boasted in the statement to The Gleaner that an assessment done by a “leading” international cybersecurity provider indicated that “there are no further vulnerabilities” that could lead to a data breach or exposure.
The Government has not yet made any statement on the latest development which has threatened to shake the confidence in the entire security of the application.
Attempts by The Gleaner to get a comment from Minister of National Security, Dr Horace Chang, and Minister without Portfolio in the Ministry of National Security, Mathew Samuda, were unsuccessful.
Follow The Gleaner on Twitter and Instagram @JamaicaGleaner and on Facebook @GleanerJamaica. Send us a message on WhatsApp at 1-876-499-0169 or email us at firstname.lastname@example.org or email@example.com.