Aarogya Setu app vulnerabilities


Aarogya Setu, the GoI's mobile application for COVID-19 contact tracing and information dissemination in India, is vulnerable to hacker attacks.

A French security researcher known as Elliot Alderson has discovered multiple vulnerabilities in the app.

On April 3, he showed how an attacker could read the contents of any internal file of the app, including the local database.

Additionally, as of 06.06.20, the security researcher discovered that an attacker would be able to find out who is infected, unwell or has made a self-assessment in an area of the attacker's choice.

This means that an attacker could check whether someone was sick at the PMO office or the Indian parliament, or even whether a person was ill in a specific house.

Elliot Alderson disclosed he could verify that:

  • 5 people felt unwell at the PMO office
  • 2 sick at the Indian Army Headquarters
  • 1 infected person at the Indian parliament
  • 3 infected at the Home Office

After tweeting about the vulnerability, the security researcher was contacted by the Indian Computer Emergency Response Team (@IndianCERT) and the National Informatics Centre (NIC) of India (@NICMeity).

The Aarogya Setu team came back with a statement that downplayed the findings.

In response, Elliot Alderson published the details of his findings in a blog post. He also announced that, even though the issues were dismissed, the bugs are now fixed.

Covid-19 tracing apps have the potential to put technology to a useful purpose. If done right and used by a large part of a country's population, they can help reduce the spread of the virus.

At the same time, they can also be a privacy nightmare if they do not provide sufficient security controls and transparency.

Edited on 07.05.2020 to add Elliot Alderson's blog post and response.


PiotrSec

Internet McNulty. Creating Hacked.wtf to make Cyber Security for everyone.
