A French cybersecurity analyst who goes by the pseudonym ‘Elliot Alderson’ on Twitter claims he could access details of coronavirus-infected people via the government-mandated Aarogya Setu app.
Robert Baptiste wrote on Twitter that it was feasible for a remote attacker to know “who is infected, unwell, make a self-assessment in the area of his (attacker’s) choice.” He said he was able to see “if someone was sick at the PMO office or the Indian Parliament” even with the most recent version of the Covid-19 contact tracing application.
The creators of Aarogya Setu, however, issued a statement in response, dismissing Baptiste’s prior claims.
The French cybersecurity analyst asserted that he could gain access to the details of positive cases at a location of his choice. He did not present any confirmation of this, but promised a point-by-point report on the alleged security flaws.
The official statement released by Aarogya Setu said “no personal information of any user has been proven to be at risk by the French ethical hacker”.
The statement given earlier by the creators of the application said it was feasible for a user to get information for various places by changing the latitude/longitude, which is, in any case, accessible data.
The creators nonetheless insisted that bulk collection of this information was unrealistic, as “the API call is behind a Web Application Firewall”.
All of this has given rise to a raging debate on the use of contact tracing applications by governments. Eivor Oborn, Professor of Healthcare Management at Warwick Business School, UK, says, “I think a real breach is made if the professionals are forced to use the app and then are not allowed to discontinue the monitoring after the threshold of the pandemic is over; this to me is a greater concern.”
Oborn added that in a democratic nation like India, citizens ought to have transparency about what information is being used, when, and how. “I think it is good for the governments concerned to tangibly show benefits that accrue from data use,” Prof Oborn stressed.
Meanwhile, the government’s chief scientific advisor, Prof K VijayRaghavan, says that the source code of the application will be made open very soon. “India is the only democracy which has made the use of contact tracing app mandatory, so steps should be taken to make the codebase of the app open source, and users should be given the option to delete their data, even from the servers.”