An ethical hacker named Elliot Alderson stated on his Twitter account that the privacy of 90 million Aarogya Setu app users is at stake. However, he asked to disclose the security flaw only to the concerned office.
Hi @SetuAarogya,
A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?
Regards,
PS: @RahulGandhi was right
— Elliot Alderson (@fs0c131y) May 5, 2020
Immediately after that, Aarogya Setu issued a notice stating that the app fetches location in a few cases. A user can see Covid+ patients within a radius of 500 m, 1 km, 5 km and 10 km. Using a script, anyone can change the latitude and longitude reported by their mobile. So, by changing the lat/long, one can see Covid+ patients in that area.
Statement from Team #AarogyaSetu on data security of the App. pic.twitter.com/JS9ow82Hom
— Aarogya Setu (@SetuAarogya) May 5, 2020
As a cyber security reviewer, I don't see any vulnerable data at stake. This app is to inform people about Covid+ cases in their locality. There is no backdoor as of now to get users' details such as names, IDs, phone numbers, etc. It is more like asking different people about Covid+ cases near one's location. The same is well explained by cyber security expert Jiten Jain in the video provided.
Let's see what other useful data ethical hacker Elliot Alderson can provide by exploiting this app. Comment below with any queries or information regarding this app. You may also report vulnerabilities in the Aarogya Setu app to support.aarogyasetu@gov.in.
Basically, you said "nothing to see here"
We will see.
I will come back to you tomorrow. https://t.co/QWm0XVgi3B
— Elliot Alderson (@fs0c131y) May 5, 2020