Published 16:44 IST, May 6th 2020
Aarogya Setu team contacts hacker claiming security risk in India's flagship Covid app
The Centre has issued a statement on data security of the Aarogya Setu App after a French hacker claimed that there are security issues with the application.
Advertisement
The Centre on Wednesday has issued a statement regarding data security of the Aarogya Setu App after a French hacker Robert Baptiste, who goes by Elliot Alderson on Twitter, claimed that there are security issues with the government’s flagship Covid contact tracing platform. In its statement, Aarogya Setu Team assured the citizens that no security or data breach has been identified, and thanked the 'Ethical hacker'.
'No data or security breach has been identified'
"No personal information of any user has been proven to be at risk by this ethical hacker. We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified," the statement reads, adding technical details.
It added, "We thank this ethical hacker on engaging with us. We identify any users who identify a vulnerability to inform us immediately at support.aarogyasetu@gov.in. Your continuous support will help us keep the App even more secure."
The statement also included a detailed clarification on the points of the 'app fetching user locations on a few occasions' and 'User can get the COVID-19 stats displayed on Home Screen by changing the radius and latitude-longitude using a script'. The hacker raised his concerns on these points during the conversation with the Aarogya Setu Team.
Statement from Team #AarogyaSetu on data security of the App. pic.twitter.com/JS9ow82Hom
— Aarogya Setu (@SetuAarogya) May 5, 2020
'Sophisticated surveillance system'
The hacker on Tuesday claimed that a security issue has been found in the app and added that Congress leader Rahul Gandhi 'was right' about the app. A few days ago, Rahul Gandhi had claimed that the Aarogya Setu mobile application, designed to help users to identify whether they are at risk of the COVID-19 infection and provides people with important information, including ways to avoid coronavirus and its symptoms, is a "sophisticated surveillance system". The hacker went on to claim that the lapse may have been by design.
Hi @SetuAarogya,
— Elliot Alderson (@fs0c131y) May 5, 2020
A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?
Regards,
PS: @RahulGandhi was right
49 minutes after this tweet, @IndianCERT and @NICMeity contacted me. Issue has been disclosed to them.
— Elliot Alderson (@fs0c131y) May 5, 2020
To be super clear:
— Elliot Alderson (@fs0c131y) May 5, 2020
- I'm waiting a fix from their side before disclosing publicly the issue. Putting the medical data of 90 million Indians is not an option.
- I have a very limited patience, so after a reasonable deadline, I will disclose it, fixed or not.
Technology can help keep people safe, but fear must not be used to track citizens without their consent, the Congress chief had said.
The Arogya Setu app, is a sophisticated surveillance system, outsourced to a pvt operator, with no institutional oversight - raising serious data security & privacy concerns. Technology can help keep us safe; but fear must not be leveraged to track citizens without their consent.
— Rahul Gandhi (@RahulGandhi) May 2, 2020
Aarogya Setu was launched by the Indian government on April 2 as the official app to help with contact tracing efforts. The app has been promoted by Prime Minister Narendra Modi and other BJP leaders and has been downloaded over 9 crore times already. The Centre has recently made the app mandatory for individuals in containment zones for COVID-19, and for all government officials.
08:41 IST, May 6th 2020