Robert Baptiste wrote on Twitter that it was feasible for a remote attacker to know “who is infected, unwell, make a self-assessment in the area of his (attacker’s) choice.” He was able to see “if someone was sick at the PMO office or the Indian Parliament" even with the most recent variant of the Covid-19 contact tracing application.
The creators of Aarogya Setu albeit even issued a statement accordingly in response to dismissing Baptiste's prior claims.
The French cybersecurity analyst asserted that he could gain access to the details of positive cases at a location of his choice. He didn't present any confirmation in this regard however guaranteed a point by point report about the alleged security flaws.
The official statement released by Aarogya Setu said “no personal information of any user has been proven to be at risk by the French ethical hacker”.
The statement earlier gave by the creators of the application said it was feasible for a user to get information for various places by changing the latitude/longitude, which is, at any rate, an accessible data.
The creators, notwithstanding, demanded that mass assortment of this information was unrealistic as “the API call is behind a Web Application Firewall”.
However all this has given rise to a raging debate on the utilization of contact tracing applications by governments, Eivor Oborn, Professor of Healthcare Management at Warwick Business School, UK, says “I think a real breach is made if the pro ..
Support the originator by clicking the read the rest link below.
