At a glance.
- Tracking COVID-19 exposure by smartphone.
- Increased VPN use brings advice on VPN security.
COVID-19 exposure tracking and smartphone user privacy.
WIRED has an account of smartphone apps developed for epidemiological applications. In 2011 researchers at Cambridge University developed an app, FluPhone, that used wireless interactions as a proxy for human contact. FluPhone was well-reviewed but not much adopted. Its developers think it could help during the current COVID-19 pandemic. There are a variety of tools under development now, some of them open-source, that could be applied to COVID-19.
It appears that both China and South Korea have enjoyed some success, albeit mixed success, using similar tools during the present coronavirus outbreak. But the apps come with a variety of issues. Some have identified those with the virus, and shared that information more generally. Inclusion of information about those with the virus, and their movements, in large government databases has made many uneasy.
Collection of such data always carries a certain risk to privacy, even when it's done with relatively benign intent. Unfortunately the intent isn't always benign. Iran has been particularly hard-hit by COVID-19, and thus its citizens would be particularly interested in an application, "AC19," advertised as "designed by the Ministry of Health to detect the likelihood of people having coronavirus.” The app obviously doesn't diagnose coronavirus, but it does offer a kind of screening in which users answer a short series of yes-or-no questions. It also installs intrusive tracking software, Vice reports, and it seems likely that this is the real purpose of AC19.
Advice on remote work.
According to an Atlas VPN report, there’s been a global surge in VPN use. Italy (with relatively high rates of infection) leads, with a 112% increase in VPN usage last week. The US (with relatively low rates of infection) is second, with a 53% spike.
The US Cybersecurity and Infrastructure Security Agency (CISA) recommends virtual private networks (VPNs), with advice on how to use them securely and effectively. This is important, because as VPNs rise in importance, they become attractive targets for criminals. CISA recommends updating VPNs and associated systems used for remote work so they’ve got the latest patches and sound security configurations. Employees should be warned to expect more phishing attempts. Security teams should dust off their plans for log review, attack detection, and incident response and recovery. Use multifactor authentication and strong passwords. And, before it becomes a problem, test the limitations of your system and plan for higher usage.