- The Union Minister for Railways announced that the probe into the cause of train accident in Odisha
- Two dead after a TATA ACE vehicle collided with a bus at Kondareddy circle in Pileru
- Hit Gujarati horror thriller ‘Vash’ set for Hindi remake with Ajay Devgn
- Massive Fire Breaks Out In Delhi's Jahangirpuri
- ‘Asur 2’ creator reveals show didn’t have writers’ room initially
- Arya shares interesting things about ‘Sarpatta Parambarai 2’
- Andhra Pradesh: Devotees rush continues at Tirumala amid weekend
- Bandi lists out top 10 jokes by KCR to people
- Andhra Pradesh: Light to Moderate rains predicted in state for three days amid surface trough
- Oxfam India To Offer Affected People Emotional Support And Counselling
No security breach in Aarogya Setu app, government assures after ethical hacker raises privacy concerns
The government on Wednesday said no data or security breach has been identified in Aarogya Setu after an ethical hacker raised concerns about a potential security issue in the app.
NEW DELHI: The government on Wednesday said no data or security breach has been identified in Aarogya Setu after an ethical hacker raised concerns about a potential security issue in the app.
The app is the government's mobile application for contact tracing and disseminating medical advisories to users in order to contain the spread of COVID-19.
On Tuesday, a French hacker and cyber security expert Elliot Alderson had claimed that "a security issue has been found" in the app and that "privacy of 90 million Indians is at stake".
Hi @SetuAarogya,— Elliot Alderson (@fs0c131y) May 5, 2020
A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?
PS: @RahulGandhi was right
Dismissing the claims, the government said "no personal information of any user has been proven to be at risk by this ethical hacker".
"We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified," the government said through the app's Twitter handle.
The tweet gave point-by-point clarification on the red flags raised by the hacker.
The app fetches users' location and stores on the server in a secure, encrypted, anonymised manner - at the time of registration, at the time of self assessment, when users submit their contact tracing data voluntary through the app or when it fetches the contact tracing data of users after they have turned COVID-19 positive, it said.
On another issue that users can get COVID-19 stats displayed on the home screen by changing the radius and latitude-longitude using a script, Aarogya Setu said that all this information is already public for all locations and hence does not compromise on any personal or sensitive data.
"We thank the ethical hacker on engaging with us. We encourage any users who identify a vulnerability to inform us immediately...," it said.
Responding to Aarogya Setu's clarification, Alderson tweeted, "I will come back to you tomorrow".
Basically, you said "nothing to see here"— Elliot Alderson (@fs0c131y) May 5, 2020
We will see.
I will come back to you tomorrow. https://t.co/QWm0XVgi3B