The Indian government denied the security issues raised by French hacker Robert Baptiste, who goes by Elliot Alderson on Twitter. “No personal information of any user has been proven to be at risk by this ethical hacker,” the government said through a tweet from the Aarogya Setu Twitter account.
Earlier today, the hacker had tweeted saying he has found security concerns on the app, adding that Congress leader Rahul Gandhi was right about calling it a surveillance tool. While Baptiste didn’t confirm what issues he had found, he said the Indian Computer Emergency Response Team (CERT-In) and the National Informatics Centre (NIC) had been in touch with him about the findings.
Baptiste’s second concern seems to have been about the app allowing users to display Covid-19 stats by using automated scripts. Users can get this data by changing the latitude and longitude locations data the app is getting from their phone. This can be done using GPS spoofing programs, and would reveal the stats for a location to everyone.
However, the government argues that such data is public already and running a script on the app is no different from asking people about the situation at their location. The team said that radius parameters are defaulted to 500 metres, 1km, 2km, 5km and 10km, and any other parameter will default back to 1km. This means people cannot set custom locations to pinpoint a certain colony, or place as they want.
In response to the government’s statement, Baptiste sent out a tweet saying he will “come back” tomorrow. “Basically you said ‘nothing to see here’. We will see,” he said in his tweet….
News Source: Livemint