The country's biggest telecom operator was offering this feature through its app.
Reliance Jio relies on its MyJio app to help its 388 million users to recharge their plans, and even download some of its apps. But recently they started a COVID-19 self-tracker which allowed people to answer some basic health-related questions and determine if they are at risk with high fever, or the virus. Turns out, as per a new report from TechCrunch, this feature had user data which had security issue that was left exposed.
The feature was available through Jio's website and a mobile app launched on 25 March for users across the country. The self-test data included the geolocation of the user, as noted by security research Anurag Sen, who was quoted in the report.
Sen's observations were then submitted to Reliance Jio, who switched off the access to the system where the database was hosted. Sharing more details about this security issue, Sen mentioned the database included records of people taking the test for themselves or other family members. Closer inspection of the feature on the MyJio app highlights the option to create a user profile. This includes details like name, address, date of birth and phone number among others.
The security researcher shared this information through this tweet, which said, "A security lapse at Indian telecom giant Jio exposed one of its databases storing records of users' coronavirus self-check results. Some records also contained a user's precise geolocation." He mentioned the database was created without a password, which allowed Sen to access the details and in fact alert the telecom giant.
Details about user's health condition, their whereabouts is a data goldmine for those vested interests, and leaving these details out in the open without any stringent security measure is a big concern that's not expected of a digital entity like Jio. We're hoping that Jio takes cognisance of its overall security standards in place in order to make sure that major security breaches/exposes are avoided and prevented in the near future.
This news comes a few days after Jio announced its plans to enter the highly popular video conferencing market with its Jio Meet platform in the coming weeks. This will be available via desktop, mobile and website rivalling Zoom, Google Meets and more.
You might like this