Ethical hacker claims data breach via Aarogya Setu app

In these times of lockdown and uncertainty all around us, we now have to worry about our personal data being up for grabs or misused by an alleged breach in the Indian government’s contact tracing Aarogya Setu app. 

Elliot Anderson, a French security researcher and ethical hacker, on Tuesday (May 6), threw the gauntlet at the Indian government and claimed that the Aarogya Setu is flawed and data of 90 million Indians could be vulnerable.

As per the ethical hacker, the two major issues that require a fix include the fact that ‘the app fetches user location on a few occasions”, and a ‘user can get the Covid-19 stats displayed on home screen by changing the radius and latitude-longitude using a script’.

“Hi @SetuAarogya, A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private? Regards. PS: Rahul Gandhi was right,” he said.

While very confident about his claims of data breach, Anderson has not been forthcoming with any technical details of the same and said that he is awaiting the Indian government's response in fixing the issue.

The National Informatics Centre (NIC) under the Ministry of Electronics and Information Technology, which developed the app, has denied these claims and issued the following reply via their Twitter handle:

The Aarogya Setu team clarified that the fetching of a user’s location is ‘by design’ and it is ‘stored on the server in a secure, encrypted and anonymised manner’.

Regarding the second issue, the team said the radius parameters on the app  ‘are fixed and can only take one of the five values: 500m, 1km, 2km, 5 km, and 10 km’. It added that the information does not ‘compromise on any personal or sensitive data’. 

Anderson responded with a nonchalant tweet, saying: “Basically, you said “nothing to see here” We will see. I will come back to you tomorrow.” 

Interestingly, this statement from the app team comes close on the heels of  Congress leader Rahul Gandhi’s recent remark that the contact tracing app is a ‘sophisticated surveillance system outsourced to a private operator’.

Recently there was also an uproar about the Centre deploying wearable trackers and Arogya Setu to monitor Covid-19 patients. 



from TechRadar - All the latest technology news https://ift.tt/35CHFR5

Share this

Related Posts

Previous
Next Post »

Font Tusker Grotesk: download and install for free.

Font Tusker Grotesk: download and install for free.