A French hacker named Robert Baptiste but goes under the name of Elliott Alderson on Twitter said he has remote access to all the data of the Aarogya Setu app. He said he could access all details of covid-19 infected persons through the app. Baptiste claims that even with the latest version of the app he is still able to see “ if someone was sick at the PMO office of the Indian parliament”. The hacker made his claims on Wednesday 6 May. His claims are that the app can expose sensitive health data of so many Indian citizens. His claims were coming hours after the Aarogya Setu team had denied the possible existence of any security issues. According to the French hacker “ 5 people felt unwell at the PMO office, 2 unwell at the Indian Army Headquarters, 1 infected person at the Indian parliament, 3 infected at the home office”. The Indian government responded to his claims and offered a clarification saying that there is no security legal in the app. Alderson’s tweet claiming how many people were sick at the moment came immediately after the government refused the claims. Elliott Alderson is the same French hacker who found problems in the Aadhar app. The app has been downloaded by over nine crore users and Elliot claims “The privacy of 90 million Indians is at stake”, according to him the Indian Computer Emergency Response Team and National Informatics Center has reached out to him to understand the problem.
Currently, there is no evidence supporting Alderson claims but it has been realized that other experts have raised concerns as well. When Aarogya Setu’s team came out to deny the claims saying that “ No personal information of any user has been proven to be at risk by this ethical hacker”, adding that no data or security breach has been identified by the team. In response to this the hacker said: “ I will come back to you tomorrow”. The app has broken records in how quickly it has been downloaded in India. Other claims were that the app could only fetch user location on a few locations and that a user could get the covid-19 status displayed on the home screen by changing the radius.
After Alderson’s tweet, a lot of people began to raise serious security concerns over the app. The Aarogya Setu app has been said to come under a lot of criticism because of lack of transparency and its source code not being open. The hacker also threatened to expose all flaws of the app openly, if the issues are not fixed within a deadline. Prof. K VijayRaghavan has said that the source code of the app will be made public soon.
