Hyderabad: Puncturing the COVID safety balloon of the government, a top ethical hacker and cybersecurity expert from France has stated that the Aarogya Setu app is basically a surveillance system, and has started trending the hashtag #OpenSourceAarogyaSetu.

Taking to Twitter, the ethical hacker who goes by the moniker Elliot Alderson said that the moment a government forces its citizens to install an app, “it’s probably a good moment to be worried.” In Noida, citizens can be imprisoned up to 6 months or fined up to Rs 1,000 for not downloading the Aarogya Setu app.

Security issues in Aarogya Setu app

The ethical hacker pointed out several security issues including a flawed privacy policy. In another article published in Medium, the hacker said access to the app’s internal file is easy for any hacker. “With only one click, an attacker can open any app internal file, including the local database used by the app called fight-covid-db,” he said.

The second issue that was highlighted by Alderson was that if an attacker modifies his or her location and sets the radius of contact tracing under 100 km, he will be able to get the data of all those who are infected near him.

For instance, he shows how he had set his location to Mumbai and set the radius to 100 km, and got the required information. “Thanks to this endpoint, an attacker can know who is infected anywhere in India, in the area of his choice,” he said.

The hacker said the makers of the app admit that the user can get the data for multiple locations. “It is totally possible to use a different radius than the 5 hardcoded values…they also admit a user can get the data for multiple locations,” Alderson said, referring to a response from Aarogya Setu officials.

Aarogya Setu responded to these claims by asserting that no personal information of any user has been proven to be at risk by this ethical hacker. “We are continuously testing and upgrading our systems. Team Aarogya Setu assured everyone that no data or security breach has been identified,” it said.

Amritha Mohan

Amritha Mohan is a reporter at the NewsMeter. Shortly after completing her Master's in Communication at the University of Hyderabad, she began teaching courses on media and culture as a guest lecturer at the Department of Journalism and Mass Communication, North-Eastern Hill University (NEHU), Shillong. Amritha has previously interned with news organisations such as Greater Kashmir and Newslaundry. A lover of travel and photography, she spends most of her time planning road trips to the North-East. Nothing makes her happier than a green turf and a team to play football with. She primarily reports on education, tech, human-interesting and critical features.

Leave a Reply

Your email address will not be published. Required fields are marked *