Cyber security researchers found the developer of the free Police software to be “incompetent” and the myriad flaws in the cyber-crime-fighting tool left businesses more at risk of cyber-attacks!

An independent cyber security researcher has dissected a prevalent vulnerability scanning and network monitoring tool used by the UK Police and labelled it “woefully unsecured”.

The Police CyberAlarm tool was launched in November 2020 at no cost to businesses who wished to use it. The Home Office-funded tool aimed to gather valuable data on the suspicious threats targeting businesses and feed it into police intelligence, but a long line of security vulnerabilities was discovered by information security consultant Paul Moore.

Among the many vulnerabilities was the leakage of passwords in plain text, and the software's developer made the situation worse after security issues were found back when Police CyberAlarm launched in 2020. Since making the first report, Moore has recently observed a logic flaw that allows plain text passwords to be sent to and returned from the software's central API. An attacker can request data using the data collector's ID, and the API will return information including names, email addresses, telephone numbers, the IP addresses the tool scans, and the plain text passwords.
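The class of flaw described above, shown beside a corrected design. This is an added example, not code from Police CyberAlarm or from Moore's report: every store, field name, token and value is hypothetical and constructed, and it assumes the collector ID is the only thing the weak lookup checks.

```python
import hashlib, hmac, os

# Constructed sample data: every name, field and value below is hypothetical.
WEAK_STORE = {"collector-001": {
    "name": "Example Ltd", "email": "it@example.test", "phone": "00000 000000",
    "scan_ips": ["192.0.2.10"], "password": "S3cret-example"}}  # plain text at rest

PUBLIC_FIELDS = ("name", "email", "phone", "scan_ips")  # response allow-list

def _kdf(secret: str, salt: bytes) -> bytes:
    # Slow, salted derivation so a stolen store does not yield the password.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 600_000)

def harden(record: dict, api_token: str) -> dict:
    """Re-store a record with a salted password hash and a hashed access token."""
    salt = os.urandom(16)
    out = {k: record[k] for k in PUBLIC_FIELDS}
    out.update(salt=salt, password_hash=_kdf(record["password"], salt),
               token_hash=hashlib.sha256(api_token.encode()).digest())
    return out

HARDENED_STORE = {
    "collector-001": harden(WEAK_STORE["collector-001"], "token-for-001")}

def get_collector_weak(collector_id: str) -> dict:
    """Weak pattern: the ID alone is enough and the whole record comes back."""
    return dict(WEAK_STORE[collector_id])

def get_collector_hardened(collector_id: str, api_token: str) -> dict:
    """The caller must hold the collector's token; only allow-listed fields leave."""
    record = HARDENED_STORE.get(collector_id)
    presented = hashlib.sha256(api_token.encode()).digest()
    expected = record["token_hash"] if record else bytes(32)
    if record is None or not hmac.compare_digest(presented, expected):
        raise PermissionError("not authorised for this collector")
    return {k: record[k] for k in PUBLIC_FIELDS}

def verify_password(collector_id: str, candidate: str) -> bool:
    """Logins compare against the stored hash; the secret is never returned."""
    record = HARDENED_STORE[collector_id]
    derived = _kdf(candidate, record["salt"])
    return hmac.compare_digest(derived, record["password_hash"])
```

The hardened store holds no recoverable password at all, so even a bug in the response code cannot return one.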

All in all, a disaster waiting to happen, however not entirely unexpected…

If you want reliable security advice, contact the IT experts at Pink Connect on 0345 450 9393. Get your business up to speed with cybersecurity; there is no time to waste.