DeepSec 2023 Talk: 1h Talk – LeaveHomeSafe: The Good, the Bad, the Ugly – Abraham Aranguren
The COVID-19 pandemic has led to the development and deployment of various contact tracing apps worldwide, including the Hong Kong government’s LeaveHomeSafe app. In this talk, we will present the findings of our comprehensive security assessment of LeaveHomeSafe, which uncovered a range of vulnerabilities from minor to critical. We will discuss the overall app design and functionality, the uncovered issues related to data privacy and security, as well as interesting edge-case scenarios. We will delve into the technical details of the vulnerabilities we found, demonstrating the tools and techniques used to identify and exploit them. Our talk will also cover the disclosure process, as well as the subsequent press and official Hong Kong government reactions, which garnered international attention. The talk will break down the good, the bad and the ugly of this security