As we know, Aarogya Setu is an app released by the government to control the spread of coronavirus. Aarogya Setu, Hindi for “a bridge to health” is more likely to become a “bridge to attacking privacy” with the constant news on privacy concerns that are attached to this app.
About two weeks ago, a French hacker who goes by the name Elliot Alderson warned the Indian authorities about the security issues in the app.
A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?
PS: @RahulGandhi was right
— Elliot Alderson (@fs0c131y) May 5, 2020
But the government quickly responded to the blames claiming that hacking the app is impossible.
Statement from Team #AarogyaSetu on data security of the App. pic.twitter.com/JS9ow82Hom
— Aarogya Setu (@SetuAarogya) May 5, 2020
Also Read: I Downloaded The Aarogya Setu App To See Its Accuracy: This Is What I Found
Hacked The App In Four Hours!
Jay, a software engineer from Bengaluru breached the app defences in just four hours.
He successfully managed to bypass the registration page that requires a phone number. Then, he also managed to get past the page that requires personal information like name, gender, age, travel history, and COVID-19 symptom checker.
With a bit of effort, he was able to access the app without GPS or location access which are primary elements required to run the app. He shared that without allowing any access or checking, the app showed him as “safe”.
Problem With Installing Aarogya Setu
Aarogya Setu demands 24/7 location access, and that creates a major privacy and security threat to the users. Despite this, the government has made this app mandatory in some regions.
The Additional Deputy Commissioner of Police, Law and Order, Ashutosh Dwivedi said- “If smartphone users do not have the ‘Aarogya Setu’ app installed on their mobile phones, then that will be punishable and considered a violation of the lockdown directions.”
In addition to this, the Ministry of Railway also made this app mandatory for the train passengers.
Indian Railways is going to start few passenger trains services. It is mandatory for passengers to download Aarogya Setu app in their mobile phones, before commencing their journey
Download this app now –
Android : https://t.co/bpfHKNLHmD
IOS : https://t.co/aBvo2Uc1fQ pic.twitter.com/MRvP8QBVPU
— Ministry of Railways (@RailMinIndia) May 11, 2020
Jay, the person who hacked Aarogya Setu shared his thoughts with Buzzfeed.
“My concern is that just like with Aadhaar, soon you won’t be able to go to a restaurant or a movie theatre without the Aarogya Setu app installed. Even if the government doesn’t make it mandatory, cinema owners are going to impose it on you. That’s the kind of culture we have.”
He also added- “I’m rebelling against the mandatory nature of this app. I don’t want to share my location 24/7 with the government. If I was coding this app, I would have chosen to keep data points to a minimum. If I have your location information for a month, I can gauge a lot of things about your life.”
The bitter truth is that the app does have security faults, and the authorities were warned about it beforehand. Valuable information of more than 100 million people is at stake and with these security faults, this information can land on unsafe hands.
Talking about unsafe hands, if you don’t want Pakistani agencies spying on you, prefer downloading Aarogya Setu from Play Store or Indian Government website (mygov.in).
According to Hindustan Times, some Pakistani agencies created a clone app by the name “Aarogya Setu.apk”. This malicious app is said to be forwarded to Indian military WhatsApp groups by Pakistani Intelligence Operatives adopting Indian names, one such name was Anoshka Chopra.
Aarogya Setu was a great initiative by the government to use technology to control the spread of this pandemic. But considering all the present factors, the security of user data of this app is questionable.
Image Sources: Google Images
Sources: Financial Express, India.com
Find Blogger: @mitalipatekar
This post is tagged under: breach of privacy, security flaws, concerns, hack, data, aarogya setu app, mandatory, French hacker, Bangalore, software engineer from Bengaluru, hacked