Third Party App Security Issues Raised As PORTpass App Leaks Security Leaks For Flames Fans

0


CALGARY –

Tech and cybersecurity expert warns Albertans about third-party apps that offer COVID-19 vaccination and rapid test verification.

This comes after users complained that an app created in Calgary was not working and others showed they were able to download fake information to the app, but still got it. been verified.

The app is called PORTpass and is recommended by the Calgary Sports and Entertainment Corporation (CSEC) – the group that owns the Flames, Stampeders, Roughnecks and Hitmen – to provide proof of vaccination at the entrance to its sporting events.

Hours before the Flames’ first preseason game at the Saddledome on Sunday, PORTpass announced that it was experiencing technical difficulties and asked fans to bring hard copies of their vaccination records to the game instead.

“It’s great that the entrepreneurs want to help, but we heard from a group of people who tried to use PORTpass and couldn’t make it to the hockey game,” said Tom Keenan, cybersecurity expert at the University of Calgary.

Beyond user frustration on Sunday, Keenan says apps like PORTpass also pose security and privacy concerns.

“The reality is that you are giving information to a complete stranger and that information could come back to haunt you in the form of identity theft,” Keenan said.

THE VACCINE REGISTRATION CAN BE HANDLED: USER OF THE APP

Conrad Yeung is a web developer in Calgary and downloaded PORTpass to see how the app worked. He said he made a fake vaccination record on the app using a different name and was verified by PORTpass.

“The first pic I uploaded was Rob Schneider in the poster for ‘Deuce Bigalow: Male Gigalo’ and I was like ‘they accepted this? Cool, let’s use that, “” he said.

Conrad Yeung is a web developer in Calgary and downloaded PORTpass to see how the app worked. He said he made a fake vaccination record on the app using a different name and was verified by PORTpass.

“Then they applied for my driver’s license and I uploaded a random photo to the internet and it was verified. PORTpass.

Yeung’s profile stopped working on the PORTpass app on Sunday evening, around the time the company reported it was experiencing technical difficulties.

The CEO of PORTpass agreed to do an interview with CTV News on Monday afternoon, but canceled shortly after.

In a statement released Monday afternoon, the company said it has taken steps to “dramatically increase system resources to meet continued demand and ensure functionality for all users, at all times.”

“PORTpass wishes to reaffirm the commitment to security that has been at the heart of its operations since day one and respond to recent allegations on social media falsely claiming to have had unlimited access to the system’s database,” we read .

“The statements made are unequivocally false and PORTpass will work with local authorities to take action against this malicious disinformation and the submission of fraudulent documents. Documents uploaded for proof of vaccination and test results go through both a manual review and machine learning analysis, and are used securely with Amazon Web Services.

As a further demonstration of the commitment to security and transparency, PORTpass is taking steps to implement additional layers of security, including steps towards SOC 2 compliance and working with a third party on a security audit During this time of uncertainty, PORTpass continues to live by its mandate to provide a transparent means for local businesses to continue to serve their communities. “

Keenan, the cybersecurity expert, was also able to be verified by PORTpass, although he did not provide his own driver’s license when registering for the app.

“There’s a lot of information on your driver’s license, your passport. So instead, I gave them my US Library of Congress card and guess what? It took it. So, they don’t really watch what’s going on there, ”Keenan mentioned.

“We need to get the (QR code) soon and I think the reality is that government issued and supported apps will be the way to go,” he added.

The Government of Alberta is working on its own QR code for proof of vaccination, but there is no deadline to make it available to the public.

“Work is underway to provide proof of vaccination with an Alberta verified QR code soon. We are monitoring experiences from other provinces and privacy and security concerns are addressed, ”said a statement from Alberta Health.

BBRI said it was aware of the security and privacy issues raised by PORTpass users and was working with the company. A CBSC spokesperson said more information would be available to fans within a day or two.


Leave A Reply

Your email address will not be published.