One ethical hacker on Wednesday has claimed India’s contact tracing app called Aarogya Setu has security issues, which is likely to put 90 million users and their privacy in danger.
The hacker, who goes by the alias Elliot Alderson, reached out to the country’s regime via this tweet, ” Hi @SetuAarogya, a security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private? Regards,”
Soon he confirmed that someone from Indian CERT and NICMeity had reached out and the hacker shared the details of the issue with them accordingly.
“49 minutes after this tweet,@IndianCERTand@NICMeitycontacted me. Issue has been disclosed to them,” he said. After few hours, the Aarogya Setu team shared this note via a tweet,
He also shared location-based notification alerts from the app, which tells a person if they have any user who has reported positive, unwell or high risk in their area, covering up range of up to 10km.
The hacker says he’ll be sharing the full details about the issue that he has come across in the next few hours. We’ll update this story as and when that happens.
Aarogya Setu has been making the headlines for different reasons over the past few days. The app is reported to have got 90 million users in the country, and various organisations have made using the app mandatory. But security advocates have questioned its privacy measures and who tends to be liable for any mishaps caused by this app in the future.