'Totally shot' - Golding knocks JAMCOVID app as alleged second flaw discovered
Opposition Leader Mark Golding has declared that the credibility of the JAMCOVID portal is “now totally shot”.
The Opposition leader stopped short of calling for the plug to be pulled on the application even as the Government continues to defend its integrity.
His declaration comes hours after it had been revealed that another alleged security flaw associated with the JAMCOVID application has reportedly been uncovered just days after its developer, Amber Group, sought to reassure that the application is safe.
“Jamaica demands accountability,” Golding asserted.
He wants the Government to publish the engagement contract between it and Amber Group.
“Is there a US-dollar fee per user for this ‘free’ portal? And who owns the data?” Golding questioned.
TechCrunch, a United States-based newspaper, on Monday claimed that a researcher found that a file was left on the server which reportedly exposed passwords to access backend systems such as databases and mail servers which are connected to the JAMCOVID-19 application.
The researcher was not named as there is now fear that the Jamaica Government could go after the whistleblowers exposing the security flaws.
It had been discovered that a server hosting aspects of the application was left unprotected and its content could be publicly accessed.
Last week, the Ministry of National Security, smarting from the embarrassing ordeal which had placed the spotlight on the security of the application, said it had opened a criminal probe into the matter although it has shed very little details on its ongoing investigation.
It is understood that Amber Group’s chief executive Dushyant Savadia was made aware of the second security flaw today and the issue was rectified shortly after.
Up to late last week, Savadia had strongly defended the integrity of the Amber Group and the application which was gifted to the Government.
“We are confident this was a completely isolated occurrence,” the group said in a statement to The Gleaner.
The new security flaw brings into question declarations last week by the firm Escala 24×7 inc that there was no current vulnerability with the JAMCOVID-19 application.
Savadia boasted in the statement to The Gleaner that an assessment done by a “leading” international cybersecurity provider indicated that “there are no further vulnerabilities” that could lead to a data breach or exposure.
Follow The Gleaner on Twitter and Instagram @JamaicaGleaner and on Facebook @GleanerJamaica. Send us a message on WhatsApp at 1-876-499-0169 or email us at firstname.lastname@example.org or email@example.com.