
DG105: IT-Security Weaknesses of Emergency Alert Apps (datengarten)
Chaos Computer Club - archive feed · Malte Schoenefeld, Marc Schoenefeld
December 10, 2019 · 51m 52s
Show Notes
Emergency apps (like NINA/DE, FEMA/US and others) are a novel approach to enhance conventional emergency alert channels with mobile devices, which nowadays are owned by the majority of the population, to connect them to omnipresent data sources of the Internet. Due to typical characteristics implied by the design of mobile operating systems and applications, emergency apps on the one hand have short version life cycles, and on the other hand should be resilient to human and technical failure. Therefore we present the features of mobile apps and describe typical requirements for them. To provide a practical result, we scanned several apps for typical vulnerability patterns (and placed these in the CVE/CWE categories). In the end we summarize our research results in a wish list to promote standard infrastructure and quality criteria for the development and deployment of such apps.
about this event: https://c3voc.de