Hacker finds flaws in COVID tracking Aarogya Setu app, leaks info from PM's office

New Delhi: Flagging security vulnerabilities on Indian government's coronavirus tracking app Aarogya Setu, a French ethical hacker and cyber security expert claimed that five people felt unwell at the Prime Minister's Office (PMO) on May 5.

The hacker who goes by the Twitter alias "Elliot Anderson" had claimed that "a security issue has been found" in the app and that "privacy of 90 million Indians is at stake".

On Wednesday, he apparently “leaked” info from the app and claimed that five people felt unwell at the PMO office, 2 at the headquarters of the Indian Army, one at the Parliament and three at the office of the Ministry of Home Affairs.

The “revelations” come as Union IT minister Ravi Shankar Prasad asserted that the Aarogya Setu was "secure" and there was no privacy breach in it.

The government dismissed Alderson's claim. It said "no personal information of any user has been proven to be at risk by this ethical hacker".

Elliot Anderson grabbed headlines earlier by pointing out flaws in the Centre's Aadhaar mobile application and alleged that the user data can be accessed easily by someone with coding knowledge. He had also pointed out security vulnerabilities in the websites and applications by various government agencies.

Nine crore users

Close to nine crore users have downloaded the applications as on May 4.

The government has been using the mobile application for contact tracing and disseminating medical advisories to users in order to contain the spread of COVID-19.

"This is a technological invention of India. Ministry of Electronics and Information Technology, our scientists, National Informatics Centre, Niti Aayog and some private (entities) have collaborated in it. It is a perfectly accountable platform to help in the fight against COVID-19. It is safe and secure. The data is in an encrypted form. Most importantly, it is for the safety of Indians in public interest because it cautions you in the event there is a COVID-infected person in your vicinity," Prasad was quoted as saying by PTI.

He rejected charges that it was a "sophisticated surveillance system" that was leveraged to track citizens without their consent.

Mandatory app

Last week, the Centre made it mandatory for government and private sector employees to use Aarogya Setu mobile application to bolster the efforts to fight the COVID-19 pandemic, and instructed the organisational heads to ensure 100 percent coverage. The Union Home Ministry also said the mobile app will be a must for people living in COVID-19 containment zones.

Following the government's announcement, Congress leader Rahul Gandhi alleged that the app is a "sophisticated surveillance system, outsourced to a private operator, with no institutional oversight", raising serious data security and privacy concerns.

"Technology can help keep us safe; but fear must not be leveraged to track citizens without their consent," Gandhi had said.

Using the GPS (global positioning system), the app helps track movement of COVID-19 patients within coronavirus hotspots.

However, the opposition party and others have maintained that the application captures more information than necessary for the tracking purposes.

Prasad said the mobile application also helps tracing contacts in the event a person is infected.

Prime Minister Narendra Modi has been urging people to download the Aarogya Setu app, saying it is a fantastic use of technology to combat coronavirus.

"Tracks the spread of COVID-19 and notifies you if someone around you is suffering from it. Also lists help-desk numbers of various states," he had said in a series of tweets last month.

The comments posted here/below/in the given space are not on behalf of Onmanorama. The person posting the comment will be in sole ownership of its responsibility. According to the central government's IT rules, obscene or offensive statement made against a person, religion, community or nation is a punishable offense, and legal action would be taken against people who indulge in such activities.