Login

Register

Login

Register

Aarogya Setu: Security issue in Govt’s COVID-19 tracking app puts privacy of 90 million Indians at stake, claims hacker | #android | #cybersecurity | #informationsecurity


An anonymous French hacker who goes by the name of Elliot Alderson on Twitter has discovered a security issue in the Government’s Aarogya Setu COVID-19 tracking app that could potentially put the privacy of 90 million Indians at stake. Being an ethical hacker, Alderson has “flagged” the issue to India’s Computer Emergency Response Team (CERT) and the National Informatics Centre (NIC) that falls under the Ministry of Electronics and Information Technology. Alderson is notably the same hacker who had earlier exposed issues in the Government of India’s mAadhar app for Android.

On Tuesday, Alderson took to Twitter to claim that he had discovered a security issue in the Aarogya Setu app and asked the Government to contact him in private, so the hacker could disclose it to the authorities. The Government contacted the hacker soon enough and the issue was disclosed to them. Alderson now awaits a fix for the said issue, failure of which would entail the hacker in disclosing the issue in public, as per the core tenets of ethical “white hat” hacking.

The Government did come out with a detailed response to the hacker’s claims in the wee hours, last night. But the reason why we say the hacker still awaits a fix, is because in the words of Alderson, the Government basically said “(there’s) nothing to see here.” In simpler terms, all is well with Aarogya Setu even though the hacker appears to have raised not one, but two concerns with the app.

“No personal information of any user has been proven to be at risk by this ethical hacker. We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified,” the makers of Aarogya Setu said.

Alderson has already put the word out on Twitter that he will come out with more information today, and we will update this piece as soon as we know more.

In the meanwhile, Alderson isn’t the only one to have raised alarm over privacy issues in the Aarogya Setu app. New Delhi-based Software Freedom Law Centre has alleged that the app collects sensitive user data such as a user’s gender and travel history, The Internet Freedom Foundation (IFF) has meanwhile alleged that Aarogya Setu lacks transparency.

The issues are particularly serious, to be looked into, because even though Aarogya Setu is seemingly a “voluntary” app, it’s being made more and more “mandatory” each passing day. Failure to install it on smartphones (when out in the public) is even punishable in Noida and Greater Noida, as per a new directive by the UP police, which is a first for any such app. The Government has also directed public and private sector employees to have it installed on their smartphones. “Use of Aarogya Setu app shall be made mandatory for all employees, both private and public. It shall be the responsibility of the head of the respective organisations to ensure 100 percent coverage of this app among the employees,” according to a recent MHA directive. Needless to say that Aarogya Setu is already mandatory for Central Government employees. And for people residing in COVID-19 containment zones.

Get live Stock Prices from BSE and NSE and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

_________________________________________________________________________________________________

Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.

.  .  .  .  .  .  . .  .  .  .  .  .  .  .  .  .   .   .   .    .    .   .   .   .   .   .  .   .   .   .  .  .   .  .





Source link
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
HACKER FOR HIRE MURDERS
 

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW