10 APRIL 2024

Thursday, October 21, 2021

MySejahtera security flaws still being fixed

 


The Health Ministry is still fixing MySejahtera's security vulnerabilities, which made headlines recently when spam emails and unsolicited messages were sent out from the app.

The ministry said yesterday that the incident was caused by abuse of APIs (application programming interfaces), not by a MySejahtera database leak.

APIs are software intermediaries that allow two applications to talk to each other.

“For sure we are still receiving a few complaints. We have implemented two fixes (yesterday) and we will have additional (fixes) today to ensure manual registration for individual numbers to make sure we can close the back door as well,” said Health Minister Khairy Jamaluddin.

He was speaking at a press conference in Kuala Lumpur earlier today.

The incident received widespread attention a few days ago after members of the public said they received spam emails and unsolicited one-time password (OTP) messages purportedly from MySejahtera.

Malaysiakini earlier reported that the abuse of APIs that happened with MySejahtera was made possible by the lack of ‘locks’ in the design of the system.

“In usual design, there are supposed to be ‘keys’ that the server can use to identify who is calling the server (as a form of authentication).

“The problem with this design is there are no ‘locks’ implemented. Anyone can come in and abuse the APIs,” said full-stack developer Phakorn Kiong. - Mkini
