IT expert warns of major security hole in DIE’s ETA visa page

News

Says no foreigner would want to visit Sri Lanka if they became aware that their passport details could easily be accessed by hackers

An Australia-based IT engineer has identified a security hole in the Department of Immigration and Emigration’s (DIE) electronic travel authorisation (ETA) visa page, which allows the mere entry of a confirmation code—with no additional layer of protection—to access information such as passport numbers, full names, nationality and dates of birth.

“In that link, only the confirmation code needs to be entered to see the application status,” says Vasantha Saparamadu, who retired as a senior systems engineer from Macquarie University, Sydney. “When I enter my code, it gives me a link to download my application status, which includes full name, passport number, nationality, and date of birth.”

Read more in latest Sunday Times edition here