Not long after Congress leader Rahul Gandhi raised questions over the security and the data collection by the Aarogya Setu app, a French hacker Robert Baptiste, who goes by Elliot Alderson on Twitter has issued a warning that there are security issues with the government’s contact tracing app.
Hi @SetuAarogya,
— Elliot Alderson (@fs0c131y) May 5, 2020
A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?
Regards,
PS: @RahulGandhi was right
He later revealed that both the Indian Computer Emergency Response Team (CERT-In) and the National Informatics Centre (NIC) got in touch with him 49 minutes after his initial tweet.
When asked by another Twitter user if the flaw was by design, the hacker replied in affirmative!
Yes
— Elliot Alderson (@fs0c131y) May 5, 2020
The Aarogya Setu team has also released a statement in response to the claim made by Alderson.
Statement from Team #AarogyaSetu on data security of the App. pic.twitter.com/JS9ow82Hom
— Aarogya Setu (@SetuAarogya) May 5, 2020
Mind you, before you start questioning Alderson’s credibility, he’s the same guy who exposed the flaws in the Aadhaar app earlier. He had revealed that the developers of the app were saving users’ biometric information in a database that could be easily breached.
You can see the whole thread here.
According to Livemint, he was also amongst many hackers who breached TRAI chief R.S. Sharma’s personal information after the latter put his Aadhaar number on Twitter asking people to show ‘one concrete example’ where one could harm using the data on the card!
Meanwhile, the Modi government has made the app mandatory for individuals in containment zones for COVID-19, and for all government officials. Multiple private companies including delivery services Zomato and Swiggy, have already made their riders download the app.
