Coronavirus Outbreak: Aarogya Setu team says 'no user data at risk' after French hacker raises concerns over 'security of 90 million Indians'

The official handle of Aarogya Setu contact-tracing app, developed by the National Informatics Centre (NIC), under the Ministry of Electronics and Information Technology, asserted late on Tuesday that 'no personal information of any user has been proven to be at risk'.

FP Staff May 06, 2020 09:32:31 IST
Coronavirus Outbreak: Aarogya Setu team says 'no user data at risk' after French hacker raises concerns over 'security of 90 million Indians'

The official handle of the Aarogya Setu contact-tracing app, developed by the National Informatics Centre (NIC), under the Ministry of Electronics and Information Technology, asserted late on Tuesday that "no personal information of any user has been proven to be at risk".

The reply from the team came in response to a tweet by Elliot Alderson, a French security researcher, earlier in the day, who claimed: "Hi Aarogya Setu, A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private? Regards. PS: Rahul Gandhi was right."

Rahul Gandhi on 2 May had called the app a “sophisticated surveillance system" and said it raised “serious data security and privacy concerns", via Twitter. On the same day, Alderson sent out a tweet saying, “Rahul Gandhi tweeted about the Arogya app. I guess I’m forced to look at it now."

The French hacker then confirmed that both the Indian Computer Emergency Response Team (CERT-In) and the National Informatics Centre (NIC) got in touch with him 49 minutes after his initial tweet, pointing out the security issue.

Following this, late Tuesday night, the Twitter handle of Aarogya Setu put out an official statement which said that they were alerted “by an ethical hacker of a potential security issue in the app”, which they discussed with him, but “no personal information of any user has been proven to be at risk” by the hacker.

The statement said the Alderson had pointed out two issues — “the app fetches user location on a few occasions”, and a “user can get the COVID-19 stats displayed on the home screen by changing the radius and latitude-longitude using a script.”

The app's team clarified that the fetching of a user’s location is “by design”, and it is “stored on the server in a secure, encrypted and anonymised manner.”

Regarding the second issue, the team said the radius parameters on the app “are fixed and can only take one of the five values: 500 m, 1 km, 2 km, 5 km, and 10 km.” It added that the information does not “compromise on any personal or sensitive data”.

Alderson responded to the tweet last night, saying: “Basically, you said “nothing to see here” We will see. I will come back to you tomorrow.”

Updated Date:

Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.

also read

India reports 14,545 new COVID-19 infections taking total over 1.06 cr; active cases below 1.89 lakh
Health

India reports 14,545 new COVID-19 infections taking total over 1.06 cr; active cases below 1.89 lakh

The COVID-19 toll as of Friday stands at 1,53,032 with 163 fatalities reported in the past 24 hours, said the Union health ministry

India registers 14,256 new COVID-19 infections, 152 deaths; active cases below 1.85 lakh
Health

India registers 14,256 new COVID-19 infections, 152 deaths; active cases below 1.85 lakh

At least 1,03,00,838 patients have recuperated so far, pushing the national recovery rate to 96.81 percent, said the health ministry on Saturday

India's sees lowest number of COVID-19 deaths in over 8 months, caseload rises to 1.06 core
India

India's sees lowest number of COVID-19 deaths in over 8 months, caseload rises to 1.06 core

The country reported 13,203 new coronavirus cases on Monday, taking the overall count to 1,06,67,736 and the toll rose by 131 to 1,53,470