By FRANK BAJAK
It is supposed to help protect human-rights activists, labor organizers and journalists working in risky environments, but a GPS-enabled “panic button” that Colombia’s government has issued to about 400 people could be exposing them to more peril.
The pocket-sized devices are designed to notify authorities in the event of an attack or attempted kidnapping. But the Associated Press, with an independent security audit , uncovered technical flaws that could let hostile parties disable them, eavesdrop on conversations and track users’ movements.
There is no evidence the vulnerabilities have been exploited, but security experts are alarmed.
“This is negligent in the extreme,” said Eva Galperin, director of cybersecurity at the nonprofit Electronic Frontier Foundation, calling the finding “a tremendous security failure.”
Over the past four years, other “distress alarms” and smartphone apps have been deployed or tested around the world, with mixed results. When effective, they can be crucial lifelines against criminal gangs, paramilitary groups or the hostile security forces of repressive regimes.