The state of Hesse wanted the BSI to comprehensively review the popular Luca app and the infrastructure behind it. The Federal Ministry of the Interior rejected the request. Why?
The Luca app recently reached the mark of 20 million users. In June, 9 million people are said to have downloaded the app. The news caused security experts to shake their heads. The Chaos Computer Club (CCC), for instance, demanded that the Luca app be buried in view of numerous security deficiencies. So far, 13 federal states have purchased licenses for Luca. Cost: about 20 million euros. Hesse had also bought in. Now the state wanted to commission a review of the system – in vain.
BSI is not allowed to scrutinize the Luca app
As Spiegel Online first reported, the Federal Ministry of the Interior has barred the Federal Office for Information Security (BSI) from carrying out the comprehensive testing of the app and system requested by Hesse. This is possible because the BSI reports to the Ministry of the Interior. The Ministry of the Interior confirmed the refusal to Spiegel. The reason: the federal states are contractual partners of the Luca app. And guaranteeing IT security is part of the manufacturer's service.
In plain language: Hesse must request such a test directly from the Luca app maker. According to Golem, such source code reviews or penetration tests could be carried out by correspondingly specialized companies, which can also be BSI-certified. Culture4Life, which is behind the Luca app, could commission this service. This procedure would also be used by other federal authorities.
BSI criticism of the handling of security deficiencies
However, the BSI had already had the Luca app scrutinized. According to Golem, this was only done in connection with the agency's app testing portal – by external providers. In May, the BSI publicly criticized the way in which the Luca app operators dealt with recurring vulnerabilities. However, the office later stated that it would continue to concentrate its resources “on the intensive and development-accompanying testing of the Corona warning app”, as Golem writes. The Corona-Warn-App received new functions with version 2.7, introduced on Monday. The app now checks whether the certificates are genuine.