Home Technology Aarogya Setu Hacked In Four Hours Risking User Data Of 100 Million...

Aarogya Setu Hacked In Four Hours Risking User Data Of 100 Million People

Privacy of people is at stake

As we know, Aarogya Setu is an app released by the government to control the spread of coronavirus. Aarogya Setu, Hindi for “a bridge to health” is more likely to become a “bridge to attacking privacy” with the constant news on privacy concerns that are attached to this app. 

About two weeks ago, a French hacker who goes by the name Elliot Alderson warned the Indian authorities about the security issues in the app.

But the government quickly responded to the blames claiming that hacking the app is impossible.


Also Read: I Downloaded The Aarogya Setu App To See Its Accuracy: This Is What I Found


Hacked The App In Four Hours!

Jay, a software engineer from Bengaluru breached the app defences in just four hours.

He successfully managed to bypass the registration page that requires a phone number. Then, he also managed to get past the page that requires personal information like name, gender, age, travel history, and COVID-19 symptom checker. 

With a bit of effort, he was able to access the app without GPS or location access which are primary elements required to run the app. He shared that without allowing any access or checking, the app showed him as “safe”. 

Problem With Installing Aarogya Setu

Aarogya Setu demands 24/7 location access, and that creates a major privacy and security threat to the users. Despite this, the government has made this app mandatory in some regions.

The Additional Deputy Commissioner of Police, Law and Order, Ashutosh Dwivedi said- If smartphone users do not have the ‘Aarogya Setu’ app installed on their mobile phones, then that will be punishable and considered a violation of the lockdown directions.” 

In addition to this, the Ministry of Railway also made this app mandatory for the train passengers.

Jay, the person who hacked Aarogya Setu shared his thoughts with Buzzfeed

My concern is that just like with Aadhaar, soon you won’t be able to go to a restaurant or a movie theatre without the Aarogya Setu app installed. Even if the government doesn’t make it mandatory, cinema owners are going to impose it on you. That’s the kind of culture we have.”

He also added- “I’m rebelling against the mandatory nature of this app. I don’t want to share my location 24/7 with the government. If I was coding this app, I would have chosen to keep data points to a minimum. If I have your location information for a month, I can gauge a lot of things about your life.”

The bitter truth is that the app does have security faults, and the authorities were warned about it beforehand. Valuable information of more than 100 million people is at stake and with these security faults, this information can land on unsafe hands.

Talking about unsafe hands, if you don’t want Pakistani agencies spying on you, prefer downloading Aarogya Setu from Play Store or Indian Government website (mygov.in).

According to Hindustan Times, some Pakistani agencies created a clone app by the name “Aarogya Setu.apk”. This malicious app is said to be forwarded to Indian military WhatsApp groups by Pakistani Intelligence Operatives adopting Indian names, one such name was Anoshka Chopra.

Aarogya Setu was a great initiative by the government to use technology to control the spread of this pandemic. But considering all the present factors, the security of user data of this app is questionable.


Image Sources: Google Images

Sources: Financial ExpressIndia.com

Find Blogger: @mitalipatekar

This post is tagged under: breach of privacy, security flaws, concerns, hack, data, aarogya setu app, mandatory, French hacker, Bangalore, software engineer from Bengaluru, hacked


Other Recommendations: 

Dense Country Like India: Relaxed Lockdown Will Wreck Havoc

 

NO COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to India’s fastest growing youth blog
to get smart and quirky posts right in your inbox!

Enter your email address:

Delivered by FeedBurner

Exit mobile version