source link: https://en.pingwest.com/a/8168
Celebrities’ Photos, Other Info Leaked Due to Privacy Flaw in Beijing's Health Code

Wang Boyuan

posted on December 28, 2020 4:52 pm

The culprit was a convenience feature of Beijing City's COVID tracking system.

Facial images of around 70 Chinese celebrities have been circulating online since last Sunday. Those affected include Jackson Yee of the boy band TFBoys, actress Yang Mi, pop singer Cai Xukun and many more. The leaked images are mostly makeup-free selfies that they used to register with Beijing's COVID-19 tracking app Jiankangbao, otherwise referred to as the Health Code.

Nevertheless, there was no data breach. It appears that the leaked images were not hacked from databases but derived from a flaw in the health code system.

In June, Jiankangbao introduced a feature called Check Other's Health Code, designed to bridge the tech gap for the city's seniors and minors and to help those without a health code or smartphone get in and out. The feature currently lets users check and display the health codes and COVID-19 exposure risk reports of at most four other people, which include their names, national ID numbers, and portrait images.

Although the feature was designed for convenience, it has a privacy flaw: it did not necessarily require in-person or electronic consent from the people being checked. Once a person's real name and ID are provided, the app returns the headshot they used in registration, their full name and ID (partially hidden), and the date and place of their latest coronavirus test.

Meanwhile, celebrities' personal information, including their ID, passport number, and even game IDs, can easily be fetched. Some extreme fans who claim to own more than 1000 ID numbers of idols found the loophole and matched their data against the health code results. Previously, these fans were notorious for using celebrities' ID numbers to check their idols' flights and seats to get close-up shots.
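A minimal sketch of the consent gap described above, next to a consent-gated version of the same lookup. This is an added illustration, not code from Jiankangbao or ZKBRAIN; every function name, the in-memory stores and the sample record are assumptions.

```python
import time

# Constructed sample data: the name, ID number and record below are made up.
REGISTRY = {
    ("Zhang San", "110101199001010011"): {
        "photo": b"<jpeg bytes>",
        "last_test": "2020-12-20, Chaoyang",
    },
}
MAX_DELEGATES = 4   # the article's "at most four other people"
CONSENTS = {}       # (requester, subject_id) -> expiry timestamp
AUDIT_LOG = []      # every delegated lookup, allowed or denied


def lookup_as_described(name, id_number):
    """Flawed behaviour: knowing name + ID number is the only requirement."""
    return REGISTRY.get((name, id_number))


def grant_consent(subject_id, requester, ttl=86400, now=None):
    """Hypothetical step run from the subject's own authenticated session."""
    now = time.time() if now is None else now
    active = [k for k, exp in CONSENTS.items() if k[0] == requester and exp > now]
    if (requester, subject_id) not in active and len(active) >= MAX_DELEGATES:
        raise PermissionError("requester already holds four delegations")
    CONSENTS[(requester, subject_id)] = now + ttl


def lookup_with_consent(requester, name, id_number, now=None):
    """Return the record only while the subject's consent is on file."""
    now = time.time() if now is None else now
    record = REGISTRY.get((name, id_number))
    allowed = record is not None and CONSENTS.get((requester, id_number), 0) > now
    AUDIT_LOG.append({"requester": requester, "subject": id_number,
                      "allowed": allowed, "at": now})
    # Same answer for "no such person" and "no consent", so the endpoint
    # cannot be used to confirm that a name/ID pair is valid.
    return dict(record) if allowed else None
```

The audit log gives operators a place to alert on one account probing many distinct ID numbers, which is the access pattern the article attributes to the fan groups.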

In some WeChat fan groups, the leaks are on sale for as low as 2 yuan (USD 0.31) per image.

ZKBRAIN, the company that developed the Beijing health code app, said in response to media inquiries that it is aware of the issue and has begun investigating.

On October 21, 2020, Beijing unveiled the Personal Information Protection Law draft for public consultation and vowed to protect personal biometric information. Under the new law, companies are required to use sensitive information only "for specific purposes and only when sufficiently necessary." And the law makes clear that a risk assessment should be conducted in advance.

On China's social networks, the hashtag 明星健康宝 (literally Celebrities Jiankangbao) was trending at the top on Weibo before being taken down. Related posts on other social platforms such as Baidu Tieba and Hupu were also removed.

