Remember the French hacker Robert Baptiste or Elliot Alderson who gave Aarogya Setu App’s users a nightmare by claiming that the privacy of 90 million Indians was at stake? The security issues have continued to haunt users of the government’s COVID-19 tracing app ever since. However, Mysore-based ethical hacker Ehraz Ahmed brushes aside the rumours revolving around the privacy issues.Also Read - 3 things to know about Ethical Hacking
“He just wanted to be on the news,” Ehraz said about Elliot during a telephonic interview with India.com. “The issue that he pointed out was very lame. It was not a serious threat,” Ahmed added. After identifying security flaws in Justdial, Truecaller and Airtel last year that could have exposed sensitive customer data of more than 300 million users, the 23-year-old entrepreneur decided to find bugs in the mobile applications that he was using and provide a solution to all hosting, server, malware and security related issues.
Having partnered with tech giants including Google, Microsoft, NordVPN, Digitalocean, Upcloud, Plesk, Elastic Email, Cloudflare, Stackpath and Comodo for its first stage earlier, Ehraz took on Aarogya Setu App to find whether the rumours around security breaches were true. Testing the app for himself, Ehraz revealed that there were “no flaws found.”
He assured, “Aarogya Setu is completely fine. They use a chatbot which sends information to the backend server if at all the criteria for COVID-19 matches. You are required to answer a set of questions which are then sent to the backend. The videos and even the chatbot are embedded so there is no disruption between the backend and the frontend.”
Ehraz is the founder of three highly successful organizations – ‘Aspirehive’ which is a Web Security firm, ‘StackNexo’ which is his firm that gives across a bouquet of Web Services and Voxy Wealth Management which is a FinTech. Addressing the rumours around Aarogya Setu being used to track people beyond COVID-19, Ehraz told india.com, “If the government wanted to track, it would have already done that through Aadhar which has your name, address and other details. The information shared on Aarogya Setu is not sensitive. The users send their location which is used to alert them about relevant COVID-19 hotspots. It is not used for any other malicious activities.”
However, according to the FinTech expert, Indian companies do not appreciate ethical hackers. “If we identify a flaw, it gets very stressful for us to get it fixed because the companies refuse to acknowledge it since they do not want to be in the news.” This in turn could lead to compromising of user security.