That’s amateurish, Aarogya Setu can’t be hacked, says Govt – ETtech

Government officials have denied the claims of ethical hacker Elliot Alderson that the Aarogya Setu app was hackable. “There has been no kind of hacking or breach of privacy in the Aarogya Setu. The allegations are based mostly on amateur attempts by changing location & data correlation to portray it as hacking. The app would have shown similar data to anyone at a particular location,” senior government officials said, speaking on the condition of anonymity.

They added that such claims appeared to be an attempt to draw attention and are unethical. “Do not indulge in petty attempts to attract attention while we are in the midst of a pandemic. Ethics are important,” officials said.

Alderson had claimed that on Tuesday, 5 people had felt unwell at the PMO office, two at the Indian Army Headquarters, one person was infected at the Indian parliament and three at the Home Office.

Alderson claimed on Tuesday that an attacker could know who is infected, who is unwell and who has made a self-assessment in the area of his choice. “Basically, I was able to see if someone was sick at the PMO office or the Indian parliament. I was able to see if someone was sick in a specific house if I wanted,” Alderson had tweeted.

The Aarogya Setu team earlier in the day issued a press release saying they had been alerted by an ethical hacker to a potential security issue in Aarogya Setu and that they had discussed the matter with him. “It was said that the App fetches user location on a few occasions. Our response is that this is by design and is clearly detailed in the privacy policy. We fetch a user’s location and store on the server in a secure, encrypted, anonymised manner,” the Aarogya Setu team said.


On the point that a user can get the COVID-19 stats displayed on the Home Screen by changing the radius and latitude-longitude using a script, the Aarogya Setu team said: “The radius parameters are fixed and can only take one of the five values: 500 metres, 1km, 2km, 5km and 10km. These values are standard parameters, posted with HTTP headers. Any other value as part of the ‘distance’ HTTP header will get defaulted to 1km.”

The team further said a user can change the latitude / longitude to get the data for multiple locations.

“The API call though is behind a Web Application Firewall and hence bulk calls are not possible. Getting data for multiple latitude longitude this way is no different than asking several people of their location’s COVID-19 statistics. All this information is already public for all locations and hence does not compromise on any personal or sensitive data. No personal information of any user has been proven to be at risk by this ethical hacker,” the team said in a press release.
