Survey says UK public fears cyber-attacks with COVID-19 tracing app


Almost half (48%) of people in the UK questioned about the NHSX contact-tracing app say they don’t trust the government to keep their information safe from hackers, according to a 1,000-person survey.

The smartphone app, which is being piloted on the Isle of Wight, is part of the government’s ‘test, track and trace’ strategy as the country eases out of coronavirus lockdown, with fewer restrictions in social distancing starting from today.

The poll – conducted by Censuswide for cyber-security company Anomali – also found that 43% of respondents were worried that using the app would give fraudsters the opportunity to launch phishing attacks by email or SMS.

Moreover, just over half (52%) of people felt they were savvy enough to differentiate between a legitimate email or text message and fraud attempt.

For now at least it’s something of a moot point, as the UK’s track and trace approach is relying on conventional means, with 25,000 contact tracers using phone and email to warn those exposed to people contracting the virus to self-isolate.

There are also reports that the app is having teething problems that could delay its national roll-out, although NHSX is said to be working on a second-generation version to overcome the problems. The latest government line is that it will be available nationally within a few weeks.

Nevertheless, concern about the safety of the app amongst the general population could have a big impact on how willing people are to install it on their phones, and if too few do so it will be rendered ineffective.

The Censuswide survey also revealed that more than a third (36%) of people are also concerned that the app could be used by the government to collect data on them.

“At this stage, nobody knows where to get the NHSX app from, so it can be reasonably expected that consumers will be faced with floods of emails with bogus links to convincing looking domains to download the app from,” says Anomali’s Jamie Stone.

 There have already been cases reported in the UK in which fraudsters have sent text messages to people to try to fool them into believing they have been in contact with someone who has tested positive for coronavirus, and directing them to a website that seeks to harvest their personal details.

Stone thinks this form of attack is more dangerous than phishing emails, as “due to the smaller screen real estate, people will be less able to check the veracity of the link so will be more trusting and might click it.”

“We’re already seeing thousands of rogue and spoof COVID-19 domains being registered and used in attacks,” he adds.