Skip to main content

India's Covid-19 Contact Tracing App Could Leak Patient Locations

posted onMay 6, 2020
by l33tdawg
Wired
Credit: Wired

As countries around the world rush to build smartphone apps that can help track the spread of Covid-19, privacy advocates have cautioned that those systems could, if implemented badly, result in a dangerous mix of health data and digital surveillance. India's new contact tracing app may serve as a lesson in those privacy pitfalls: Security researchers say it could reveal the location of Covid-19 patients not only to government authorities but to any hacker clever enough to exploit its flaws.

Independent security researcher Baptiste Robert published a blog post today sounding that warning about India’s Health Bridge app, or Aarogya Setu, created by the government’s National Informatics Centre. Robert found that one feature of the app, designed to let users check if there are infected people nearby, instead allows users to spoof their GPS location and learn how many people reported themselves as infected within any 500-meter radius. In areas that have relatively sparse reports of infections, Robert says hackers could even use a so-called triangulation attack to confirm the diagnosis of someone they suspect to be positive.

"The developers of this app didn’t think that someone malicious would be able to intercept its requests and modify them to get information on a specific area," says Robert, a French researcher known in part for finding security vulnerabilities in the Indian national ID system known as Aadhaar. "With triangulation, you can very closely see who is sick and who is not sick. They honestly didn’t consider this use of the app."

Source

Tags

Privacy

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th