Hacker raises red flag on Aarogya Setu app, govt says no security breach
Rebutting claims of a French ethical hacker who on Tuesday (April 5) sent out alerts on Twitter the COVID-19 tracking Aarogya Setu app threatens the privacy of 90 million Indians, the government on Wednesday (April 6) clarified that there was no security breach in the app.
Rebutting claims of a French ethical hacker who on Tuesday (April 5) sent out alerts on Twitter the COVID-19 tracking Aarogya Setu app threatens the privacy of 90 million Indians, the government on Wednesday (April 6) clarified that there was no security breach in the app.
The developers of the app in a statement released on Wednesday said “no data or security breach has been identified.” They said the ethical hacker after a discussion with them could not prove that any personal information of any user is at risk.
Statement from Team #AarogyaSetu on data security of the App. pic.twitter.com/JS9ow82Hom
— Aarogya Setu (@SetuAarogya) May 5, 2020
Related news: ‘Daily a new lie’: BJP counters Rahul’s allegations on Aarogya Setu app
The ethical hacker, named Robert Baptiste, a French security researcher who uses the social media nom de plume of Elliott Alderson, shot back saying, “Basically, you said ‘nothing to see here.’ We will see. I will come back to you tomorrow.’”
Baptiste, who had earlier pointed out problems with the mAadhaar Aap, had been following the Aarogya Setu app and on Tuesday warned of security issues in the app, request developers to get in touch with him. In a postscript he wrote, “Rahul Gandhi was right,” referring to the Congress leader’s warning that the app uses location data of users.
Hi @SetuAarogya,
A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?
Regards,
PS: @RahulGandhi was right
— Elliot Alderson (@fs0c131y) May 5, 2020
He later confirmed that the Indian Computer Emergency Response Team and the National Informatics Centre got in touch with him within an hour of him posting the tweet.
He had warned the government that he would make the flaws in the app public if the breaches were not fixed.
Related news: Aarogya Setu: Mass outreach or Data overreach?
“Putting the medical data of 90 million Indians (at risk) is not an option. I have a very limited patience, so after a reasonable deadline, I will disclose it, fixed or not,” he tweeted.
The central government recently made it mandatory for people and government officials in COVID-19 containment zones to download the app, which was launched on April 2. It has 50 million downloads so far.
