《TAIPEI TIMES 焦點》 Most government apps ‘vulnerable’

SECURITY: The most common issues relate to data storage and software vulnerability, among others. Apps that fail to meet the deadline for improvement will be pulled

By Lo Tien-pin and Jonathan Chin / Staff reporter, with staff writer

請繼續往下閱讀...

The Executive Yuan yesterday said 98 government-made applications render their users highly vulnerable to hacking, adding that it would pull the apps from circulation if improvements are not made by the middle of the month.

Only 20 apps out of a total of 144 made by the Executive Yuan’s subordinate agencies passed all tests conducted by its evaluators, an Executive Yuan inventory report to the Legislative Yuan Internal Administration Committee said.

Of the remaining apps, 23 were found to have four to six vulnerabilities and 101 have one to three vulnerabilities, the report said.

The 98 apps that failed the tests pose a “high informational security risk” and the National Development Council last month instructed agencies to improve them before the middle of this month.

Those that fail to meet the deadline are to be pulled, Executive Yuan sources said.

The apps that posed a low risk should be improved before the end of July, sources added.

Apps with six vulnerabilities include the following: Tienkena’s Attack （進擊的鐵克納） by the National Science and Technology Museum, Mobile Water Manager （行動水管家） by Taiwan Water Corp （台灣自來水）, Taiwan Railways eTicket （台鐵e訂通） by the Taiwan Railways Administration, Foreign Workers’ Little Assistant （外籍勞工小幫手） by the Workforce Development Agency and Accounting Mobile Go （統計隨身GO） by the Directorate-General of Budget, Accounting and Statistics.

During the budget review for this fiscal year, lawmakers on the Internal Administration Committee passed a resolution that said the Executive Yuan must review its apps for potential vulnerabilities that could compromise state secrets or users’ privacy or financial information.

According to the executive’s report, information security evaluations were conducted on the 144 apps that are available for download by 73 of its agencies.

The evaluations were performed according to the Industrial Bureau’s “guidelines for evaluating basic informational security of mobile applications,” it said, adding that the apps were tested on 10 to 16 protocols, including on their management of sensitive data, connection security and the validity of digital certificates.

The most common security issues were related to storage of sensitive data, vulnerabilities in software, invalid certificates for servers and others, the report said.

The National Development Council is to draft new standards for information security, which all future government-made apps must meet before distribution, the Executive Yuan said.

In addition, the Industrial Bureau is to incorporate informational security evaluation services into contracting guidelines for all agencies, it said.

新聞來源：TAIPEI TIMES