Aarogya Setu: Hacker claims personal data at risk, app says 'no data, security breach has happened'
New Delhi | Jagran Tech Desk: French security researcher Robert Baptiste -- an ethical hacker who goes by the name Elliot Alderson -- has flagged security concerns over Aarogya Setu, a government app for tracking coronavirus patients, pointing that it could potentially leak data of the nearly 9 crore users who have downloaded it.
However, the developers of the app have dismissed the claim, saying that there was no security threat in the contact tracing application. The app, too, has now released an official statement.
“No personal information of any user has been proven to be at risk by this ethical hacker,” Aarogya Setu said in a statement on its twitter handle. “”We are continiously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified,” the statement read.
Unimpressed by the response, the hacker tweeted: "Basically, you said "nothing to see here". We will see. I will come back to you tomorrow."
Basically, you said "nothing to see here"— Elliot Alderson (@fs0c131y) May 5, 2020
We will see.
I will come back to you tomorrow. https://t.co/QWm0XVgi3B
Two hours later, he asked the government: "Do you know what triangulation is", referring to the process of locating an unknown point by forming triangles from known points.
On Tuesday, hacker Alderson had claimed that "a security issue has been found" in the app and that "privacy of 90 million Indians is at stake".
"Hi @SetuAarogya, A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private? Regards, PS: @RahulGandhi was right," he had tweeted.
The hacker then warned the government that unless the breaches were fixed, he would make the flaws public, writing: "Putting the medical data of 90 million Indians (at risk) is not an option. I have a very limited patience, so after a reasonable deadline, I will disclose it, fixed or not".
Aarogya Setu is a mobile application developed by the central government to connect essential health services with the people over the fight against COVID-19. The mobile application helps users identify whether they are at risk of COVID-19 infection. It also provides people with important information, including ways to avoid coronavirus infection.
The app is aimed at augmenting the initiatives of the Centre, particularly the Department of Health, in proactively reaching out to and informing the users of the app regarding risks, best practices and relevant advisories pertaining to the containment of COVID-19.
The Centre has made it mandatory for government and private sector employees to use Arogya Setu mobile application to bolster the efforts to fight the COVID-19 pandemic, and entrusted the organisational heads with ensuring its 100 per cent coverage.
The Union Home Ministry also said the mobile app will be must for people living in COVID-19 containment zones.
Posted By: abhinav gupta