Ang COVID-KAYA ay isang platform na ginagamit ng mga frontline healthcare workers sa Pilipinas para mangolekta at magbahagi ng mga kaso ng COVID-19 sa Kagawaran ng Kalusugan. Natagpuang nagtataglay ng mga kahinaan ang web at Android apps nito, na pinapayagan ang mga walang pahintulot na user na makuha ang pribadong datos tungkol sa mga gumagamit ng app, at maaring maging ang datos ng mga pasyente.

COVID-KAYA, a platform used by frontline healthcare workers in the Philippines to collect and share COVID-19 cases with the Philippines Department of Health, contained vulnerabilities in both the web and Android apps that allows for unauthorized users to access private data about the app’s users, and potentially patient data.

يفحص هذا التقرير التشفير الذي يحمي الاجتماعات في تطبيق Zoom الرائج. وجدنا أن Zoom لديه نظام تشفير “خاص به” ، ويحتوي على نقاط ضعف كبيرة. بالإضافة إلى ذلك حددنا نقاط تثير القلق في البنية التحتية لـ Zoom ، بما في ذلك نقل مفاتيح التشفير للاجتماعات عبر الصين.

In this note, we describe a security issue where users in the “Waiting Room” of a Zoom meeting could have spied on the meeting, even if they were not approved to join. Zoom fixed the issue after we reported it to them.

This report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys to China.