The Executive Yuan yesterday said 98 government-made applications render their users highly vulnerable to hacking, adding that it would pull the apps from circulation if improvements are not made by the middle of the month.
Only 20 apps out of a total of 144 made by the Executive Yuan’s subordinate agencies passed all tests conducted by its evaluators, an Executive Yuan inventory report to the Legislative Yuan Internal Administration Committee said.
Of the remaining apps, 23 were found to have four to six vulnerabilities and 101 have one to three vulnerabilities, the report said.
The 98 apps that failed the tests pose a “high informational security risk” and the National Development Council last month instructed agencies to improve them before the middle of this month.
Those that fail to meet the deadline are to be pulled, Executive Yuan sources said.
The apps that posed a low risk should be improved before the end of July, sources added.
Apps with six vulnerabilities include the following: Tienkena’s Attack (進擊的鐵克納) by the National Science and Technology Museum, Mobile Water Manager (行動水管家) by Taiwan Water Corp (台灣自來水), Taiwan Railways eTicket (台鐵e訂通) by the Taiwan Railways Administration, Foreign Workers’ Little Assistant (外籍勞工小幫手) by the Workforce Development Agency and Accounting Mobile Go (統計隨身GO) by the Directorate-General of Budget, Accounting and Statistics.
During the budget review for this fiscal year, lawmakers on the Internal Administration Committee passed a resolution that said the Executive Yuan must review its apps for potential vulnerabilities that could compromise state secrets or users’ privacy or financial information.
According to the executive’s report, information security evaluations were conducted on the 144 apps that are available for download by 73 of its agencies.
The evaluations were performed according to the Industrial Bureau’s “guidelines for evaluating basic informational security of mobile applications,” it said, adding that the apps were tested on 10 to 16 protocols, including on their management of sensitive data, connection security and the validity of digital certificates.
The most common security issues were related to storage of sensitive data, vulnerabilities in software, invalid certificates for servers and others, the report said.
The National Development Council is to draft new standards for information security, which all future government-made apps must meet before distribution, the Executive Yuan said.
In addition, the Industrial Bureau is to incorporate informational security evaluation services into contracting guidelines for all agencies, it said.
A small number of Taiwanese this year lost their citizenship rights after traveling in China and obtaining a one-time Chinese passport to cross the border into Russia, a source said today. The people signed up through Chinese travel agencies for tours of neighboring Russia with companies claiming they could obtain Russian visas and fast-track border clearance, the source said on condition of anonymity. The travelers were actually issued one-time-use Chinese passports, they said. Taiwanese are prohibited from holding a Chinese passport or household registration. If found to have a Chinese ID, they may lose their resident status under Article 9-1
PROCEDURE: Although there is already a cross-strait agreement in place for the extradition of criminals, ample notice is meant to be given to the other side first Ten Taiwanese who were involved in fraud-related crimes in China were extradited back to Taiwan via Kinmen County on Wednesday, four of whom are convicted fraudsters in Taiwan. The 10 people arrived via a ferry operating between Xiamen and Kinmen, also known as the “small three links.” The Kinmen County Prosecutors’ Office yesterday said that four of the 10 extradited people were convicted in Taiwan for committing fraud and contravening the Money Laundering Control Act (洗錢防制法), and were on the wanted list. They were immediately arrested upon arrival and sent to Kinmen Prison to serve their sentences following brief questioning, the office said.
‘REGRETTABLE’: Travelers reported that Seoul’s online arrival card system lists Taiwan as ‘China (Taiwan),’ the Ministry of Foreign Affairs said The Ministry of Foreign Affairs yesterday urged South Korea to correct the way Taiwan is listed in its newly launched e-Arrival card system, saying the current designation downgrades the nation’s status. South Korea rolled out the online system on Feb. 24 to gradually replace paper arrival cards, which it plans to phase out by next year. Travelers must complete the electronic form up to 72 hours before entering the country. The ministry said it has received multiple complaints from Taiwanese travelers saying that the system lists Taiwan as “China (Taiwan)” in dropdown menus for both “place of departure” and “next
PROBLEMATIC APP: Citing more than 1,000 fraud cases, the government is taking the app down for a year, but opposition voices are calling it censorship Chinese Nationalist Party (KMT) Chairwoman Cheng Li-wun (鄭麗文) yesterday decried a government plan to suspend access to Chinese social media platform Xiaohongshu (小紅書) for one year as censorship, while the Presidential Office backed the plan. The Ministry of the Interior on Thursday cited security risks and accusations that the Instagram-like app, known as Rednote in English, had figured in more than 1,700 fraud cases since last year. The company, which has about 3 million users in Taiwan, has not yet responded to requests for comment. “Many people online are already asking ‘How to climb over the firewall to access Xiaohongshu,’” Cheng posted on
RSS