News National Security threats in Aarogya setu app, warns Ethical Hacker

Security threats in Aarogya setu app, warns Ethical Hacker

An Ethical Hacker alerted Aarogya Setu Team on potential security threats in the app.Setup Aarogya Setu App

Aarogya Setu app designed and developed to track Covid-19 infected patients has been alerted by an Ethical Hacker on potential security threats in the app.

Team Aarogya Setu issued a statement on data security of the App.

Though the statement by Aarogya Setu came just after Apple and Google said that, they would ban the use of location tracking apps that uses a new contact tracing system to detect Covid-19 positive patients.

Team informed that, The App fetches user location on a few occasions.

  • At the time of registration.
  • At the time of self-assessment.
  • When a user submits their contact tracing data voluntary through the App or when we fetch the contact tracing data of a user after they have turned COVID-19 positive.

They confirmed that all the user’s details collected by the app is stored in a secure, encrypted and anonymised manner.

User can get the COVID-19 stats displayed on Home Screen by changing the radius and latitude-longitude using a script.

The radius parameters are fixed and can only take one of the five values:

500 metres, 1km, 2km, 5km and l0km. These values are standard parameters, posted with HTTP headers. Any other value as part of the “distance” HTTP header gets defaulted to 1km.

The user can change the latitude / longitude to get the data for multiple locations. The API call though is behind a Web Application Firewall, and hence bulk cabs are not possible. Getting data for multiple latitude longitude this way is no different than asking several people of their location’s COVID-19 statistics. All this information is already public for all locations and hence does not compromise on any personal or sensitive data.

Aarogya Setu team further said, “We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified.”

They also thanked the Ethical Hacker on engaging with them. Any users who identify a vulnerability can inform the team immediately at [email protected]

The app already crossed 90 Million downloads across different platforms.

Aditya Raj
Writer & Co-founder of InfotOnline.

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Must Read

Match 6, KXIP vs RCB : Kl Rahul and Co. demolish RCB by huge 97 runs

Kings XI tarnished RCB at Dubai international stadium by 97 runs to secure their first win. KL Rahul 132 not out helped Punjab put...

Into The Wild with Bear Grylls and Akshay Kumar sets new records

When the best of two fields collaborate, the outcome is certainly something impeccable. This has been again witnessed. Discovery's Into The Wild episode with...

YouTube Fanfest 2020 Dates & Line up out now

The much awaited news from the Indian YouTube community is finally here. YouTube Fanfest 2020 is happening on October 11 this year. YouTube India...

HAL can develop civilian version of LUH (Light Utility Helicopter) within four to five years: Arup Chatterjee

HAL can develop its Light Utility Helicopter (LUH) for civilian use within the time span of four to five years said Arup Chatterjee Director,...