JAKARTA - The 2022 World Cup in Qatar is just counting days, but this biggest football tournament is like a nightmare for data and privacy security.
When the world public visits Qatar from November 20 to December 18 to watch the event they must download two applications, namely Ehteraz as a COVID-19 tracker, and Hayya, which is used as a ticket to enter the stadium and access to free metro and bus transportation services.
However, Ehteraz's contact tracing scheme was under scrutiny even before it was used for the World Cup. This is because the app has remote access to users' images and videos, and can make calls without being asked.
Ehteraz also needs a background location service to always be active and provide apps with the ability to read and write to file systems.
"Ehteraz can install encrypted files claiming to store unique IDs, QR codes, infection status, configuration parameters, and other device proximity data using the app," said CTO and co-founder of the security firm Promon app, Tom Lysemose Hansen, to The Register quoted Monday, November 14.
"Basically, the app takes data from end users for more reason than the approval button disclosed."
Hansen added that by downloading these two apps, users are forced to submit all sensitive IPs upon arrival.
"After receiving the requirements of this application, the moderator will have full control over the user's device," explains Hansen.
"All personal content, the ability to edit it, share it, extract it, and data from other apps on your device are in their hands. The moderator will even have the power to remotely unlock the user's device," he added.
In fact, French data protection agency CNIL recommends carrying a burner phone to keep information safe from reconnaissance after they review the app.
Burner phones are cheap prepaid phones that can be destroyed or thrown away when users don't need them anymore. In cyberspace, criminals often use burner phones to avoid the detection of authorities.
Mungkin menggunakan ponsel burner untuk alasan privasi sebagai upaya terakhir, atau selama keadaan darurat adalah pilihan yang baik.
"They will most likely use this app to erode all your contacts, check your call history and SMS, track your location via GPS and device radio interfaces (bluetooth and wifi) and maybe loot your social media contacts," Hansen said.
The app also harms friends and acquaintances. In addition, once users receive terms and conditions, the app can continue to spy on them and contacts, even after users leave Qatar.
According to Hansen, the only real solution is to get a combustion phone. "Even with a new driver's license, don't import any settings or contacts, or log into your social media account," Hansen said.
Otherwise, it will definitely be tracked by Qatar, and possibly surveillance of other countries. "The unique IMEI number and mobile SIM identification will be tracked by cellular networks in the country and may be shared with other autocratic regimes which means they can continue to track you, in those countries, even after you delete the app," Hansen said.
In the Qatar 2022 World Cup, around 15,000 cameras that use facial recognition will also monitor events and spectators, to keep players and fans safe. However, given the country's poor human rights record, perhaps a pretty bad idea.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)