[ad_1]
, Manoj C G
The | New Delhi |
Posted: May 7, 2020 4:48:27 AM
Aarogya Setu is a contact tracking application developed by the National Center for Informatics (NIC) of the Ministry of Electronics and Information Technology. (Express photo: Sneha Saha)
On Wednesday, Congress again criticized the central government for Aarogya Setu, India’s contact tracking app, arguing it raises serious concerns about data security and privacy. He said that the application detects and tracks the movement of users, and that it can be misused since there is a human interface in the backend.
The government, for its part, “assured” that “no data or security violation has been identified.”
Randeep Surjewala of Congress argued that an ethical hacker had pointed out Tuesday “serious privacy flaws” in the app. He said the hacker, who goes by the pseudonym Elliot Alderson, has claimed that he had been contacted by the Indian Computer Emergency Response Team (CERT-in) and the National Computer Center (NIC).
“If there was no problem, why did CERT contact the ethical hacker?” Surjewala said. Shortly after the Surjewala press conference, the hacker posted a series of tweets that mentioned security issues with the app.
The government defended the application in response to Alderson’s claims. It released a statement Wednesday morning about the official app identifier Aarogya Setu saying that “this ethical hacker has not shown that any user’s personal information is at risk,” and “claimed” that “no data or security. ” identified”.
He said he had discussed the issues raised by the “ethical hacker,” and that they were either by design or the information was already public and did not “compromise any personal or confidential data.” He thanked “this ethical hacker” for interacting with them and encouraged “any user who identifies any vulnerability” to inform them.
Alderson, who runs the identifier @ fs0c131y on Twitter, is a French Android developer whose real name is Robert Baptiste. He mentioned on Wednesday that he was able to access through the information application about people infected with COVID-19 and that he felt bad, among other data points, including people in sensitive offices such as the PMO or the Parliament. “I could see if someone was sick in a specific house if they wanted to,” Alderson tweeted. In the evening, he released a security note detailing his findings.
In another tweet, he said: “And yes, yesterday: – 5 people felt bad at the PMO office – 2 bad at the headquarters of the Indian army – 1 people infected in the Indian parliament – 3 infected in the Interior Ministry.”
He asked the government to make the source code of the application “open source”. “When you ask (force) people to install an application, they have the right to know what the application is really doing. If you love your country @SetuAarogya, post the source code. “
When asked about how to make the application open source, a senior IT ministry official, calling the application “robust and secure,” said: “Open source is a luxury and in peacetime I would love to do that … If you are a person with serious intent, then the responsible behavior of an ethical hacker is to do what is called a responsible disclosure. “
About the private developers working on the app, he said: “They came as volunteers. They have not come on behalf of their companies. “
Previously, The Indian Express reported that the application is on a cloud server from Amazon Web Services. –With inputs of
Karishma Mehrotra
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
For the latest news from India, download the Indian Express app.
.
[ad_2]
