ABSTRACT
The malicious actors continuously produce malicious Android applications with a COVID-19 theme in the context of the pandemic. Users frequently grant the necessary permissions to install those phoney apps without paying much attention. Android permissions are essential points of weakness. Major privacy issues often result from this vulnerability. Hackers with malicious intent have viewed the COVID-19 pandemic as an opportunity to conduct malware attacks to profit financially and advance their nefarious goals. Through COVID-19-related content, people are becoming victims of phishing scams. The android malware seen explicitly during the pandemic of Covid-19 is discussed in this study, and we next analyze malware detection methods with a focus on these Covid-19-Themed malware mobile applications. This research paper attempts to identify dangerous android permissions and the malware families that erupted during the Covid-19 outbreak. © 2023 IEEE.
ABSTRACT
Many religious communities are going online to save costs and reach a large audience to spread their religious beliefs. Since the COVID-19 pandemic, such online transitions have accelerated, primarily to maintain the existence and continuity of religious communities. However, online religious services (e.g., websites and mobile apps) open the door to privacy and security issues that result from tracking and leakage of personal/sensitive information. While web privacy in popular sites (e.g., commercial and social media sites) is widely studied, privacy and security issues of religious online services have not been systematically studied. In this paper, we perform privacy and security measurements in religious websites and Android apps: 62,373 unique websites and 1454 Android apps, pertaining to major religions (e.g., Christianity, Buddhism, Islam, Hinduism). We identified the use of commercial trackers on religious websites—e.g., 32% of religious websites and 78% of religious Android apps host Google trackers. Session replay services (FullStory, Yandex, Inspectlet, Lucky Orange) on 198 religious sites sent sensitive information to third parties. Religious sites (14) and apps (7) sent sensitive information in clear text. Besides privacy issues, we also identify sites with potential security issues: 19 religious sites were vulnerable to various security issues;and 69 religious websites and 29 Android apps were flagged by VirusTotal as malicious. We hope our findings will raise awareness of privacy and security issues in online religious services. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
To limit the spread of COVID-19, social distancing measurements and contact tracing have become popular strategies implemented worldwide. In addition to manual contact tracing, smartphone-based applications based on proximity detection have emerged to speed up the discovery of potential infectious individuals. However, so far, their effectiveness has been limited, mainly due to privacy issues. A new tracing mechanism is represented by Online Social Networks (OSNs), which provide a successful way to track, share and exchange information in real-time. Being extremely popular and largely used by citizens, OSNs are less exposed to privacy concerns. In this paper, we present an OSN-based contact tracing platform called TraceMe to reduce the spread of the epidemic. The proposal currently targets COVID-19, but it can be used in presence of other infectious diseases, like Ebola, swine flue, etc. TraceMe implements conventional contact tracing based on physical proximity and, in addition, it leverages OSNs to identify other contacts potentially exposed to the virus. To efficiently find the targeted social community, while saving the time complexity, a clique-based method is applied. Performance evaluation based on a realistic dataset shows that TraceMe is able to analyse large-scale social networks in order to find, and then alert, the tight communities of contacts that are at high risk of infection. © 2023 IEEE.
ABSTRACT
Given the importance of privacy, many Internet protocols are nowadays designed with privacy in mind (e.g., using TLS for confidentiality). Foreseeing all privacy issues at the time of protocol design is, however, challenging and may become near impossible when interaction out of protocol bounds occurs. One demonstrably not well understood interaction occurs when DHCP exchanges are accompanied by automated changes to the global DNS (e.g., to dynamically add hostnames for allocated IP addresses). As we will substantiate, this is a privacy risk: one may be able to infer device presence and network dynamics from virtually anywhere on the Internet — and even identify and track individuals — even if other mechanisms to limit tracking by outsiders (e.g., blocking pings) are in place. We present a first of its kind study into this risk. We identify networks that expose client identifiers in reverse DNS records and study the relation between the presence of clients and said records. Our results show a strong link: in 9 out of 10 cases, records linger for at most an hour, for a selection of academic, enterprise and ISP networks alike. We also demonstrate how client patterns and network dynamics can be learned, by tracking devices owned by persons named Brian over time, revealing shifts in work patterns caused by COVID-19 related work-from-home measures, and by determining a good time to stage a heist. © 2022 Copyright held by the owner/author(s).
ABSTRACT
Since SARS-CoV-2 started spreading in Europe in early 2020, there has been a strong call for technical solutions to combat or contain the pandemic, with contact tracing apps at the heart of the debates. The EU's General Data Protection Regulation (GDPR) requires controllers to carry out a data protection impact assessment (DPIA) where their data processing is likely to result in a high risk to the rights and freedoms (Art. 35 GDPR). A DPIA is a structured risk analysis that identifies and evaluates possible consequences of data processing relevant to fundamental rights in advance and describes the measures envisaged to address these risks or expresses the inability to do so.Based on the Standard Data Protection Model (SDM), we present the results of a scientific and methodologically clear DPIA. It shows that even a decentralized architecture involves numerous serious weaknesses and risks, including larger ones still left unaddressed in current implementations. It also found that none of the proposed designs operates on anonymous data or ensures proper anonymisation. It also showed that informed consent would not be a legitimate legal ground for the processing. For all points where data subjects' rights are still not sufficiently safeguarded, we briefly outline solutions. © 2022 IEEE.
ABSTRACT
The advent of digital technologies used as a mechanism to deal with the Covid-19 global pandemic, has raised serious concerns around privacy and security issues. Despite these concerns and the potential risk of data misuse, including third party use, countries around the world have pushed the use and proliferation of contact-tracing applications. However, the success of these contact-tracing applications relies on their adoption and use. A well known phenomenon referred to as privacy paradox is defined as the discrepancy between the expressed privacy concern and the actual behaviour of users when it comes to protect their privacy. In this context, this paper presents a study investigating the privacy paradox in the context of a global pandemic. A national survey has been conducted and the data is analysed to examine people's privacy risk perception. The results show inconsistencies between people's privacy concerns and their actual behaviour that is reflected in their attitude shift of sharing their mobile data during a global pandemic. The study also compiles a list of recommendations for policymakers. © 2022 IEEE.
ABSTRACT
Since early 2020, the COVID-19 pandemic has been significantly changing people’s daily lives as social activities are limited to slow down the spread of the novel coronavirus. New technologies, especially mobiles apps, have been widely applied to help with reducing the spread of the pandemic. However, although these apps bring many benefits, it also raises privacy issues given the amount of user information being collected and shared. The goal of this study is to understand individuals’ attitudes towards the privacy concerns on using COVID-19 apps, and their expectations on the privacy protections. By conducting the survey and collecting responses, results found that majority of the participants expressed privacy concerns on COVID-19 apps, and participants with different socioeconomic status may have different levels of willingness to use the app. Results from this study not only provide guidance for the government and app service providers on the implementation of appropriate safeguards, but also address on the needs of privacy protections for the vulnerable groups. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
Demand for contract tracing applications is significantly increasing as governments across the globe are relying on these mobile apps to help combat the spread of the COVID-19 virus. However, while this technology has a potential benefit, there is widespread concern that consumers’ fears around privacy and data protection prevent them from downloading such apps. By focusing on this emerging crisis, in this study, we investigate the potential obstacles imposed by privacy concerns (i.e., the perceived risk of accepting the app permission, the perceived risk of providing the information). This study also investigates the popularity of Aarogya Setu, the Indian government’s COVID-19 app. In doing so, we examine privacy concerns through the theoretical lens of the Elaboration Likelihood Model and explore the download intentions of new users. Using the above dimensions of privacy, we then propose a conceptual framework that depicts the influence of privacy concerns over the download intention of new users. Lastly, this paper provides suggestions to allow the Aarogya Setu to improve its perceived reliability among its users and increase downloads. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
People with language impairments, such as aphasia, use a range of total communication strategies. These go beyond spoken language to include non-verbal utterances, props and gestures. The uptake of videoconferencing platforms necessitated by the Covid-19 pandemic means that people with aphasia now use these communication strategies online. However, no data exists on the impact of videoconferencing on communication for this population. Working with an aphasia charity that moved its conversation support sessions online, we investigated the experience of communication via a videoconferencing platform. We report a study which investigated this through: 1) observations of online conversation support sessions;2) interviews with speech and language therapists and volunteers;and 3) interviews with people with aphasia. Our findings reveal the unique and creative ways that the charity and its members with aphasia adapted their communication to videoconferencing. We unpack specific, novel challenges relating to total communication via videoconferencing and the related impacts on social and privacy issues. © 2022 ACM.
ABSTRACT
The COVID-19 pandemic has greatly affected humanity by destabilizing the world economy through strain on hospital systems and deaths. Medical personnel is working around the clock to establish vaccines. On the other hand, technology contributes to the fight against the virus by tracking COVID-19 infections. Many digital contact tracking smartphone applications have been created to address this epidemic successfully. However, the applications lack transparency, raising worries about their privacy. Contact tracing has been employed to stop the spread of the disease. When battling the coronavirus epidemic, computerized contact tracking has quickly emerged as an essential tool. Therefore, the research conducted in this paper focuses on the challenges of tracking applications to analyze the perspective view of privacy issues. Besides, the paper proposes policies for data privacy to aid in making the tracking applications more effective and successful. © 2022 IEEE.
ABSTRACT
Federated learning (FL) has emerged as a promising privacy-aware paradigm that allows multiple clients to jointly train a model without sharing their private data. Recently, many studies have shown that FL is vulnerable to membership inference attacks (MIAs) that can distinguish the training members of the given model from the non-members. However, existing MIAs ignore the source of a training member, i.e., the information of the client owning the training member, while it is essential to explore source privacy in FL beyond membership privacy of examples from all clients. The leakage of source information can lead to severe privacy issues. For example, identification of the hospital contributing to the training of an FL model for the COVID-19 pandemic can render the owner of a data record from this hospital more prone to discrimination if the hospital is in a high risk region. In this paper, we propose a new inference attack called source inference attack (SIA), which can derive an optimal estimation of the source of a training member. Specifically, we innovatively adopt the Bayesian perspective to demonstrate that an honest-but-curious server can launch an SIA to steal non-trivial source information of the training members without violating the FL protocol. The server leverages the prediction loss of local models on the training members to achieve the attack effectively and non-intrusively. We conduct extensive experiments on one synthetic and five real datasets to evaluate the key factors in an SIA, and the results show the efficacy of the proposed source inference attack. © 2021 IEEE.
ABSTRACT
Undoubtedly COVID-19 is one of the most disruptive pandemics in recent history, adversely affecting individuals, societies, and economies through severe limitations imposed on activities involving gatherings and travel. Among many tools envisioned in battling such pandemics are immunity passports allowing vaccinated or immune individuals to bypass the restrictive measures. However, this proposal also raises many security, privacy, and ethical issues. Due to the sensitive medical records, companies and recreation centres do not have direct access to the COIVD vaccine database;on the other hand, the vaccine results are easily forgeable. One solution is public access to the vaccination database, which is not acceptable for privacy reasons. Our solution securely combines the vaccination results with the user's biometric authentication result to generate a binary result, such that 0 means this person either not authenticated or not vaccinated, and 1 means this person is vaccinated and authenticated so he/she may use an intended service. Our scheme is based on Secure MultiParty Computations (MPC) and preserves both the privacy of the biometric query and the database. At the same time, it also prevents the inquiring service provider from learning about the vaccination result. © 2021 IEEE.