Aarogya Setu app has no vulnerability; no data, security breach has happened

The developers of the Aarogya Setu App said that there was no security vulnerability in the contact tracing application after a French security researcher Robert Baptiste, better known as Elliott Alderson, pointed that it could potentially leak data of the nearly 9 crore users who have downloaded the app

“No personal information of any user has been proven to be at risk by this ethical hacker,” Aarogya Setu said in a statement on its twitter handle. “”We are continiously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified”..

The government has mandated public sector and private employees who go to offices to download the app, as also people who are in the containment zone – localised areas where there is a Covid-19 positive case detected.

“I’m waiting a fix from their side before disclosing publicly the issue. Putting the medical data of 90 million Indians is not an option,” Baptiste said on the microblogging platform Twitter.

The French ethical hacker has been checking the app since late Monday, when he asked users who have not downloaded the app to share their number so that he can verify the content. He

“A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private,” he had Tweeted and later added, “49 minutes after this tweet,
@IndianCERT and
@NICMeity contacted me. Issue has been disclosed to them.”

Baptiste did not specify the vulnerability. The researcher has earlier written about security issues with the Aadhaar database.

Source Article