Updated May 6th, 2020 at 16:44 IST
Aarogya Setu team contacts hacker claiming security risk in India's flagship Covid app
The Centre has issued a statement on data security of the Aarogya Setu App after a French hacker claimed that there are security issues with the application.
Advertisement
The Centre on Wednesday has issued a statement regarding data security of the Aarogya Setu App after a French hacker Robert Baptiste, who goes by Elliot Alderson on Twitter, claimed that there are security issues with the government’s flagship Covid contact tracing platform. In its statement, Aarogya Setu Team assured the citizens that no security or data breach has been identified, and thanked the 'Ethical hacker'.
'No data or security breach has been identified'
"No personal information of any user has been proven to be at risk by this ethical hacker. We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified," the statement reads, adding technical details.
It added, "We thank this ethical hacker on engaging with us. We identify any users who identify a vulnerability to inform us immediately at support.aarogyasetu@gov.in. Your continuous support will help us keep the App even more secure."
The statement also included a detailed clarification on the points of the 'app fetching user locations on a few occasions' and 'User can get the COVID-19 stats displayed on Home Screen by changing the radius and latitude-longitude using a script'. The hacker raised his concerns on these points during the conversation with the Aarogya Setu Team.
Statement from Team #AarogyaSetu on data security of the App. pic.twitter.com/JS9ow82Hom
— Aarogya Setu (@SetuAarogya)
'Sophisticated surveillance system'
The hacker on Tuesday claimed that a security issue has been found in the app and added that Congress leader Rahul Gandhi 'was right' about the app. A few days ago, Rahul Gandhi had claimed that the Aarogya Setu mobile application, designed to help users to identify whether they are at risk of the COVID-19 infection and provides people with important information, including ways to avoid coronavirus and its symptoms, is a "sophisticated surveillance system". The hacker went on to claim that the lapse may have been by design.
READ | Indian Navy launches 'Operation Samudra Setu' to repatriate Indians from Maldives
Hi @SetuAarogya,
— Elliot Alderson (@fs0c131y)
A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?
Regards,
PS: @RahulGandhi was right
49 minutes after this tweet, @IndianCERT and @NICMeity contacted me. Issue has been disclosed to them.
— Elliot Alderson (@fs0c131y)
To be super clear:
— Elliot Alderson (@fs0c131y)
- I'm waiting a fix from their side before disclosing publicly the issue. Putting the medical data of 90 million Indians is not an option.
- I have a very limited patience, so after a reasonable deadline, I will disclose it, fixed or not.
READ | MHA issues SOP for evacuation of Indian nationals stranded abroad, priority to distressed
Technology can help keep people safe, but fear must not be used to track citizens without their consent, the Congress chief had said.
The Arogya Setu app, is a sophisticated surveillance system, outsourced to a pvt operator, with no institutional oversight - raising serious data security & privacy concerns. Technology can help keep us safe; but fear must not be leveraged to track citizens without their consent.
— Rahul Gandhi (@RahulGandhi)
Aarogya Setu was launched by the Indian government on April 2 as the official app to help with contact tracing efforts. The app has been promoted by Prime Minister Narendra Modi and other BJP leaders and has been downloaded over 9 crore times already. The Centre has recently made the app mandatory for individuals in containment zones for COVID-19, and for all government officials.
READ | BJP slams Rahul Gandhi over praise for Pulitzer Prize winners, objects citation on Kashmir
READ | COVID-19: From zero, India now produces around 2 lakh PPE kits per day
Advertisement
Published May 6th, 2020 at 08:41 IST