This is one for the Brits. I have the NHS app on my phone, which has links to all of my medical history. It already has details of my Covid vaccination (I’ve had the first jab). Given that the ‘central database’ vulnerability exists today, I’d prefer NHSX to secure the existing app infrastructure and use that to show vaccination status rather than develop something new and double the attack surface:
[…] The Times reported yesterday that NHSX has already begun developing the app in anticipation of getting the green light from Gove.
Yapp, who left the NCSC in 2019, said criminal gangs would easily target the app if all data was kept in one centralised database.
He said that any app should keep data localised, like the Test and Trace app, so it is tied to individuals’ phones and should not include sensitive information like people’s date of birth or NHS number.
“Centralised databases means you’re putting a lot of data in one place so it becomes an attractive target for hackers and the like so it’s like a honeypot – it attracts people in and they’re going to have a go because there is so much data,” he said.[…]