Headlines
  • False or misleading informations are spread by organizations posing as legitimate media outlets in an attempt to twist public opinion in favor of a certain ideology.
  • On social media,watch out for fake messages,pictures,Videos and news.
  • Always Check Independent Fact Checking Sites if You Have Some Doubts About the Authenticity of Any Information or Picture or video.
  • Check Google Images for AuthThe Google Reverse Images search can helps you.
  • It Would Be Better to Ignore Social Media Messages that are forwarded from Unknown or Little-Known Sources.
  • If a fake message asks you to share something, you can quickly recognize it as fake messege.
  • It is a heinous crime and punishable offence to post obscene, morphed images of women on social media networks, sometimes even in pornographic websites, as retaliation.
  • Deepfakes use artificial intelligence (AI)-driven deep learning software to manipulate preexisting photographs, videos, or audio recordings of a person to create new, fake images, videos, and audio recordings.
  • AI technology has the ability to manipulate media and swap out a genuine person's voice and likeness for similar counter parts.
  • Deepfake creators use this fake substance to spread misinformation and other illegal activities.Deepfakes are frequently used on social networking sites to elicit heated responses or defame opponents.
  • One can identify AI created fake videos by identifying abnormal eye movement, Unnatural facial expressions, a lack of feeling, awkward-looking hand,body or posture,unnatural physical movement or form, unnatural coloring, Unreal-looking hair,teeth that don't appear natural, Blurring, inconsistent audio or noise, images that appear unnatural when slowed down, differences between hashtags blockchain-based digital fingerprints, reverse image searches.
  • Look for details,like stange background,orientation of teeth,handsclothing,asymmetrical facial features,use reverse image search tools.

More Details

Independent Audit of Hong Kong COVID Tracking System Discloses Vulnerabilities

Review of ‘Leave Home Safe’ apps finds that confidential communications aren’t always secure.

By Roseanne Gerin for RFA English

Hong Kong Kowloon Tong Cornwall Street Park Leave Home Safe sign

An independent audit of the Hong Kong government’s digital COVID-19 contact-tracing apps found significant security issues with the software but said the flaws weren’t necessarily intentionally added to allow for unauthorized tracking. 

The “Leave Home Safe” mobile apps became available for download in November 2020, allowing users to scan a QR code at more than 9,000 locations in Hong Kong, including both public and private venues, and on identification labels in 18,000 taxis to record their movements.

The apps also notified users if a person confirmed with contagious respiratory virus had recently visited those places.

7ASecurity, a Poland-based computer network security and testing firm, conducted a privacy and a security audit of the Leave Home Safe Android and iOS apps in April and May on behalf of an unnamed third party.

Its work was funded by the Open Technology Fund (OTC), a U.S. nonprofit that supports global internet freedom technologies and, like Radio Free Asia, is part of the United States Agency for Global Media, an independent agency of the U.S. government that broadcasts news and information in 63 languages. 

The parties issued the 55-page report on Wednesday.

When the Hong Kong government rolled out the apps, people there raised concern about potential security and privacy risks that they could introduce. Some feared the apps would be used to control Hongkongers amid a citywide crackdown on public protest and dissent over China’s aggressive policies in the special administrative region, according to a previous report by RFA.

Less than half a million downloads of apps occurred during the first two weeks due in part to privacy concerns among city’s roughly 7.5 million people, and many acquired a second mobile device to avoid having sensitive content on the same phone, OTC said in an announcement on its website.

As of Nov. 1, 2021, the Chinese government made use of the apps mandatory for anyone entering government-run buildings, including courts, swimming pools, public markets, hospitals, shopping malls and places of worship. The apps recently began requesting real name registration and tracking users’ movements.

The goal of the audit was to have an independent third party verify whether the official Leave Home Safe privacy and security claims are accurate.

On Wednesday, OTC issued 7ASecurity’s report on the audit results with 12 findings, eight of which are classified as security vulnerabilities and four as general weaknesses with lower exploitation potential. Three of these findings had an estimated severity level of high or critical.

“While no clear privacy violation could be conclusively proven during the audit at runtime, a number of application artifacts, likely inherited from underlying dependencies or simply security vulnerabilities introduced by mistake, were found during this exercise,” the report says.

The privacy audit could not conclusively prove malicious intent or unauthorized tracking of Hongkongers, it says.

One of the identified vulnerabilities was that the Android app failed to validate certificates that secure internet connections by encrypting data sent between a browser, website and website server, allowing communications between two parties to be intercepted by a malicious user without any user warnings.

7ASecurity also found that the Android app stores COVID vaccination and test status images in the mobile device’s Secure Digital (SD) memory storage cards when users try to import such QR Codes from safer locations, such as Google Drive. Android SD Cards are inappropriate locations for sensitive data because thieves can remove them and plug them into a computer to read the data.

Additionally, the audit determined that the Leave Home Safe Android app uses several cryptographic functions with known security weaknesses, either directly or through inherited libraries.

The iOS app does not implement available Data Protection features in iOS, so that most files have a default encryption that keeps the decryption key in memory while the device is locked — the least secure form of data protection available on iOS because a malicious attacker with physical access to the device could use it to read the decryption key from memory and gain access to local app data files, without needing to unlock the device.

Other significant shortcomings were a lack of Hong Kong health code system credentials, valid Hong Kong COVID vaccination QR codes, and valid Hong Kong COVID test QR codes.

“This poor result strongly suggests that the Leave Home Safe mobile apps have not been audited by any competent security firm previously,” OTC said in its announcement. “This is in stark contrast to the documentation in the official Leave Home Safe website, which indicates the mobile applications were audited previously on December 10th 2021, and only a single ‘low’ priority issue was identified.”

7ASecurity recommended that the issues raised in the report be addressed to strengthen the security aspects of the Leave Home Safe platform, and that a thorough review, including a full code audit, be conducted. The firm also suggested regular testing of the platform at least once a year or when substantial changes are to be deployed, to ensure new features do not introduce security vulnerabilities. 

RFA previously reported on Hong Kong police in Hong Kong investigating the origins of a fake app after the government made the Leave Home Safe app compulsory for those entering government-run facilities.

Copyright © 1998-2020, RFA. Used with the permission of Radio Free Asia, 2025 M St. NW, Suite 300, Washington DC 20036. https://www.rfa.org

Related Article

Escaping from Scam Center on Cambodia’s…

Young people being deceived into forced labor by criminal gangs, primarily involving illegal work in ...
December 21, 2024

10 Shocking Revelations from Bangladesh Commission’s…

Macabre killings, casual torture, misdirection and snooping were part of “the anatomy of enforced ...
December 20, 2024

Hospitals Overwhelmed in Vanuatu as Death…

Vanuatu on Wednesday took stock of damage from a powerful 7.3 magnitude earthquake that killed at le ...
December 18, 2024

Authorities Arrest Influential Tibetan Internet Entrepreneur

Chinese authorities have arrested a popular Tibetan social influencer and internet entrepreneur in Q ...
December 17, 2024

Bangladeshi Experts, Officials Call for Support…

Baharul Alam, the newly appointed Inspector-General of Police (IGP), said he was ready to sit down w ...
December 14, 2024

Myanmar Junta Prepares to Send Migrant…

Myanmar’s junta is preparing to send migrant workers to Russia, following a request from the count ...
December 10, 2024

Other Article

News & Views

Escaping from Scam Center on Cambodia’s…

Young people being deceived into forced labor by criminal gangs, primarily involving illegal work in ...
December 21, 2024
Pick of the Day

UN Security Council Meets to Discuss…

Vanessa Frazier, Permanent Representative of Malta to the United Nations, introduces a resolution at ...
December 20, 2024
News & Views

10 Shocking Revelations from Bangladesh Commission’s…

Macabre killings, casual torture, misdirection and snooping were part of “the anatomy of enforced ...
Video Report

Migration Dynamics Shifting Due to New…

In 2024, there was a slowdown in the number of migrants traveling from Latin America to the United S ...
Pick of the Day

UN Security Council Meets to Discuss…

Antony J. Blinken, Secretary of State of the United States of America, chairs the United Nations Sec ...
December 19, 2024
Video Report

Winter Brings New Challenges for Residents…

The front line is continually shifting in the Donetsk region of Eastern Ukraine, and Russian shellin ...

[wp-rss-aggregator feeds="crime-more-world"]
Top