Aarogya setu app is less secure

Aarogya setu app is less secure

CodeDudle May 09, 2020

Security issue in Govt’s COVID-19 tracking app puts privacy of  90 million Indians at risk.


We all know about the Aarogya setu app, its an mobile application developed by the Government of India to connect essential health services with the people of India in our combined fight against COVID-19. The App is aimed at augmenting the initiatives of the Government of India, particularly the Department of Health, in proactively reaching out to and informing the users of the app regarding risks.

hacking,hack facebook account,facebook hacker,ethical hacking,instahax0r,hack the box,hack instagram account,white hat hacker,black hat hacker


The Government of India says all is well with the Aarogya Setu app though.

An anonymous French hacker who known by the name of Elliot Alderson on Twitter has discovered a security issue in the Government’s Aarogya Setu COVID-19 tracking app that could potentially put the privacy of 90 million Indians at risk. Being an ethical hacker, Alderson has “flagged” the issue to India’s Computer Emergency Response Team (CERT) and the National Informatics Centre (NIC) that falls under the Ministry of Electronics and Information Technology. Alderson is notably the same hacker who had earlier exposed issues in the Government of India’s mAadhar app for Android.
On Tuesday, Alderson took to Twitter to claim that he had discovered a security issue in the Aarogya Setu app and asked the Government to contact him in private, so the hacker could disclose it to the authorities. The Government contacted the hacker soon enough and the issue was disclosed to them. Alderson now awaits a fix for the said issue, failure of which would entail the hacker in disclosing the issue in public, as per the core tenets of ethical “white hat” hacking.
hacking,hack facebook account,facebook hacker,ethical hacking,instahax0r,hack the box,hack instagram account,white hat hacker,black hat hacker

The Government of india has come out with a detailed response to the hacker’s claims in the few hours, last night. But the reason why we say the hacker still awaits a fix, is because in the words of Alderson, the Government basically said “(there’s) nothing to see here.” In other words, all is well with Aarogya Setu, as per the Government of India, even though the hacker appears to have raised not one, but two concerns with the app.
hacking,hack facebook account,facebook hacker,ethical hacking,instahax0r,hack the box,hack instagram account,white hat hacker,black hat hacker


On Wednesday, Alderson published a blog and stated why he thinks the app has security flaws. The two main concerns he points out is that anyone can access the internal database and that anyone can see who is sick anywhere in India, which violates privacy.
he says in his blog that "With only 1 click, an attacker can open any app internal file, including the local database used by the app called fight-covid-db,". He says that he spent less than two hours to figure out the flaws. He found that an activity called WebViewActivity was acting unusually and upon researching found that the activity has no host validation at all. He said he then tried to open an internal file, which opened up easily. He alleges that the flaw was "quietly fixed" by the developers.
you can see the explanation here

"Thanks to this endpoint an attacker can know who is infected anywhere in India, in the area of his choice. I can know if my neighbour is sick for example. Sounds like a privacy issue for me," he added.
Alderson stated that the app is not supposed to tell you the location of corona patients. "The first issue is a security issue and the second is a privacy issue. If you don't care about privacy, fine for you but it's still a privacy issue," he said.

hacking,hack facebook account,facebook hacker,ethical hacking,instahax0r,hack the box,hack instagram account,white hat hacker,black hat hacker


On May 5, Alderson took to social media to tell the Aarogya Setu app that there are security flaws in their platform that puts the data of 90 million Indians at risk. Soon after the tweet, Aarogya Setu took to Twitter to respond to the privacy flaws criticism and stated that no user's data was at risk.

In this article i have mention the detailed view of Aarogya setu and its security issues

                                     Top 5 Best Websites to learn Python Coding for Free - Best of Lot
                                      How Artificial Intelligence is helping to fight against COVID-19
                                  Learn Python for free
                                          






#hacking
#hack facebook account
#facebook hacker
#ethical hacking
#instahax0r
#hack the box
#hack instagram account
#white hat hacker
#black hat hacker

#ethical hacking course
#certified ethical hacker
#ceh certification
#ceh v10
#learn ethical hacking
#learn hacking online
#ethical hacking course fees













Tags
Reactions

Post a Comment

4 Comments

  1. satish kumar10 May 2020 at 19:59

    good information

    ReplyDelete
  2. Abhimanyu Kumar Shaw16 May 2020 at 18:55

    Again you have provided solid facts. Looking forward for more such posts related to technology.

    ReplyDelete
  3. Jyotish Kumar29 May 2021 at 21:40

    This article was so good that I did not skip a single word in this article, I could not know when time had passed while reading this article. I read your article daily and I also share it if I like it. I have written an article on aarogya setu app kya hai after learning from you. Sir/Mam, you always help us by writing articles and it is also our duty to share your articles as much as possible. Sir/Mam, now allow me to go.

    ReplyDelete
  4. Ravi K20 September 2021 at 01:40

    Check this superb and comprehensive article on Aarogya Setu App with al important details like color codes, contact tracing etc

    ReplyDelete

If you have any doubt, Please let me know.