Jamaica’s Amber Group sets second JamCOVID security phase

Jamaica: Amber Group has settled a second security lapse that disclosed private keys and passwords for the administration’s JamCOVID app and website.

A security researcher said TechCrunch on Sunday that the Amber Group left a file on the JamCOVID website by error, which contained passwords that would have given access to the backend systems, storage, and databases operating the JamCOVID site and app. 

The analyst asked not to be named for fear of legal repercussions from the Jamaican administration.

This database, known as an environment variables (.env) file, is often used to collect private keys and passwords for third-party services that are essential for cloud applications to run. But these files are sometimes inadvertently exhibited or uploaded by mistake but can be abused to gain access to data or services that the cloud application relies on if found by a threat actor.

The exposed environmental variables file was found in an open directory on the JamCOVID website. Although the JamCOVID domain appears to be on the Ministry of Health’s website, Amber Group controls and maintains the JamCOVID dashboard, app, and website.

The exposed file carried secret credentials for the Amazon Web Services databases and storehouse servers for JamCOVID. The file also contained a username and password to the SMS gateway used by JamCOVID to send text messages and credentials for its email-sending server. 

On the other hand, While COVID-19 has clearly been the focus in 2020/2021, the Government continues to work on its general health system strengthening initiatives, including:

• Construction of a 5-bed Intensive Care Unit (“ICU”) for Mandeville Regional Hospital

• Expansion of ICU capacity at the Cornwall Regional Hospital; University of the West Indies, Kingston Public and Victoria Jubilee Hospitals

• Creation of 4-bed High Dependency Unit (“HDU”) space at the Spanish Town Hospital

• Construction of two facilities – one in the Eastern and the other in the Western part of the island – to provide additional isolation beds.

• Increase in the number of trained critical care personnel.

Besides the pandemic, activities directed towards enhanced vector control and prevention and management of non-communicable diseases have continued through inter-ministerial collaboration and private sector partnerships.

Click here for more news