Hacker flags 'security issue' in Aarogya Setu, government responds
A few hours ago, a French cybersecurity expert and hacker under the alias "Elliot Alderson" claimed that Aarogya Setu, the official contact-tracing app of the Government of India, carries a security issue. Now, the developers of Aarogya Setu have responded to the allegations, saying that the app does not pose any threat to the privacy or security of its users. Here's all about it.
Alderson's allegation of security issue
In a series of tweets on May 5, Alderson claimed to have discovered a security issue in the Aarogya Setu app. The hacker did not share the specifics of the flaw but claimed that the issue risked the privacy of 90 million Indians who have installed the app to keep themselves informed about close contact with a COVID-19 positive patient.
Contact with Indian Computer Emergency Response Team
Within an hour of tweeting, Alderson was contacted by the Indian Computer Emergency Response Team and the National Informatics Centre, the developer of the app. The hacker said the authorities had been informed about the flaw but that he would disclose it publicly after a reasonable deadline if it remained unpatched. "Putting the medical data of 90 million Indians is not an option," Alderson emphasized.
Aarogya Setu's team responded on the matter
Hours after Alderson's remarks, the Aarogya Setu team shared a statement acknowledging the flagged issues. However, they emphasized that the problems raised by the hacker do not pose a security threat of any kind. "No personal information of any user has been proven to be at risk by this ethical hacker," the team said, adding that "no data or security breach has been identified".
No response from Alderson yet
So far, Alderson has not responded to the Aarogya Setu team's clarification. The hacker had identified flaws in the Aadhaar mobile application in 2018 and will likely share some evidence to prove his point in the case of Aarogya Setu as well. Apart from Alderson, other organizations, including the Internet Freedom Foundation and Mozilla, have also raised questions over the app's privacy and security.
But, who is Elliot Alderson?
Alderson is a French security expert who is a network and telecommunications engineer by profession. He claims to have no ulterior motive behind his revelations other than highlighting serious security vulnerabilities so that they can be patched at the earliest. To be transparent about the whole process, Alderson openly communicates with the concerned organizations on Twitter, and often publicly posts DM conversations with them.