Ethical hacker points out flaws in Arogya setu app

Ethical hacker points out flaws in Arogya setu app

- By SOURAV DAS

A French hacker named Robert Baptiste tweets that he found a major security issue on the Arogya Setu app. He uses a pseudonym Elliot Alderson to post the tweet.

In a tweet, He said "A security issue found in your app. The privacy of 90 million Indians at stake. Can you contact me in private?".He tagged this tweet to the official handler of the app.

In his next tweet he said, "49 minutes after this tweet,@IndianCERT and @NICMeity contacted me. The issue has been disclosed to them."Soon after that the Arogya Setu developers also released a statement clarifying how the app works.

Hi @SetuAarogya,

A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?

Regards,

PS: @RahulGandhi was right

— Elliot Alderson (@fs0c131y) May 5, 2020

The developer says that the Arogya Setu app is designed to collect user's location certain points in the process. The user needs to register on the app and make a self-assessment. It depends on the user that they choose to share the contact tracing data or not.

The Arogya Setu app developed by the National Informatica Centre(NIC) under the Ministry of Electronics and Information Technology. It launch due to COVID-19 situation control. The government makes it mandatory for all private and government employees.

Statement from Team #AarogyaSetu on data security of the App. pic.twitter.com/JS9ow82Hom

— Aarogya Setu (@SetuAarogya) May 5, 2020

The hacker points out that Users can see the COVID-19 stats displayed on Home Screen by changing the location using a script. Arogya Setu developers say for this that this action does not compromise any personal information because the information is already public.