Albion College
Aura
COVID-19
Nucleus Careers
TechCrunch
QR
Bluetooth
Tufts University
Q&A
Amazon Web Services
Burp Suite
iPhone
Strafach
the Health Insurance Portability and Accountability Act
HIPAA
Bucknell University
Temple University
GPS
Signal
WhatsApp
Genetworx
https://t.co/a5j4nvu5nQ
Gilda
Aura
Will Strafach
Matthew Johnson
Tony Defazio
Chuck Carlson
@Q3w3e3
Elizabeth Burbank
COVID-19
Aura
Guardian Firewall
the United States
Michigan
students’
Albion
Pennsylvania
Virginia
U.S.
keys.“The
Thanksgiving
Most other contact-tracing apps use nearby Bluetooth signals, which experts say is more privacy-friendly.Hundreds of academics have argued that collecting and storing location data is bad for privacy.The Aura app generates a QR code based on the student’s COVID-19 test results. (Image: TechCrunch)The Aura app generates a QR code based on the student’s COVID-19 test results. Last year, TechCrunch reported on a student at Tufts University who was expelled for alleged grade hacking, despite exculpatory evidence in her favor.Albion said in an online Q&A that the “only time a student’s location data will be accessed is if they test positive or if they leave campus without following proper procedure.” But the school has not said how it will ensure that student location data is not improperly accessed, or who has access.“I think it’s more creepy than anything and has caused me a lot of anxiety about going back,” one student going into their senior year, who asked not to be named, told TechCrunch.One Albion student was not convinced the app was safe or private.The student, who asked to go by her Twitter handle @Q3w3e3, decompiles and analyzes apps on the side. If we increased or decreased the account number in the web address by a single digit, it generated a QR code for that user’s Aura account.In other words, because we could see another user’s QR code, we could also see the student’s full name, their COVID-19 test result status and what date the student was certified or denied.TechCrunch did not enumerate each QR code, but through limited testing found that the bug may have exposed about 15,000 QR codes.We described the app’s vulnerabilities to Will Strafach, a security researcher and chief executive at Guardian Firewall.
As said here by Zack Whittaker