Search This Blog

Showing posts with label Government of India. Show all posts

French Cyber security Analyst Claims He Could Access Details Of Corona-Infected Persons Via The Government-Mandated Aarogya Setu App


A French cybersecurity analyst by the pseudonym 'Elliot Alderson' on Twitter claims he could access details of Corona infected people via the government-mandated Aarogya Setu app.

Robert Baptiste wrote on Twitter that it was feasible for a remote attacker to know “who is infected, unwell, make a self-assessment in the area of his (attacker’s) choice.” He was able to see “if someone was sick at the PMO office or the Indian Parliament" even with the most recent variant of the Covid-19 contact tracing application.

The creators of Aarogya Setu albeit even issued a statement accordingly in response to dismissing Baptiste's prior claims.

The French cybersecurity analyst asserted that he could gain access to the details of positive cases at a location of his choice. He didn't present any confirmation in this regard however guaranteed a point by point report about the alleged security flaws.

The official statement released by Aarogya Setu said “no personal information of any user has been proven to be at risk by the French ethical hacker”.

The statement earlier gave by the creators of the application said it was feasible for a user to get information for various places by changing the latitude/longitude, which is, at any rate, an accessible data.

The creators, notwithstanding, demanded that mass assortment of this information was unrealistic as “the API call is behind a Web Application Firewall”.

However all this has given rise to a raging debate on the utilization of contact tracing applications by governments, Eivor Oborn, Professor of Healthcare Management at Warwick Business School, UK, says “I think a real breach is made if the professionals are forced to use the app and then are not allowed to discontinue the monitoring after the threshold of the pandemic is over; this to me is a greater concern.”

He included that in a democratic nation like India, citizens ought to have transparency with respect to what, when, and how the information is being utilized. “I think it is good for the governments concerned to tangibly show benefits that accrue from data use,” Prof Oborn stressed.

Nonetheless, the government's chief scientific advisor, Prof K VijayRaghavan, says that the source code of the application will be made open very soon, “India is the only democracy which has made the use of contact tracing app mandatory, so steps should be taken to make the codebase of the app open source, and users should be given the option to delete their data, even from the servers.”


Facebook Makes Its Largest Bet on the Developing Market; Invests $5.7 Billion in Indian Internet Giant Jio


“The country is in the middle of a major digital transformation, and organizations like Jio have played a big part in getting hundreds of millions of Indian people and small businesses online. With communities around the world in lockdown, many of these entrepreneurs need digital tools they can rely on to find and communicate with customers and grow their businesses.”

This is what Mark Zuckerberg, the CEO of Facebook, said in a post to his Facebook page on the occasion of the social media giant making its biggest single investment by putting $5.7 billion into Jio Platforms of India on Tuesday.

Adding later on that the move indicates its 'commitment' to India, as approximately more than 388 million people in India have been in a solid connection with the internet service over the past four years via Jio.

While numerous businesses have been harmed by the aftermath from the Covid-19 pandemic, huge technology companies are positioned to profit over the long haul as more people resort to their services while keeping indoors.

Facebook is thusly making preparations to move ahead with vital and strategic investments at a very 'fragile' time in the global economy.

David Fischer, Facebook's chief revenue official, and Ajit Mohan, Facebook's managing director in India, in a blog-entry by-lined by the former said that “One focus of our collaboration with Jio will be creating new ways for people and businesses to operate more effectively in the growing digital economy. For instance, by bringing together JioMart, Jio’s small business initiative, with the power of WhatsApp, we can enable people to connect with businesses, shop, and ultimately purchase products in a seamless mobile experience.”

With more than 400 million Indian citizens utilizing WhatsApp and more than 300 million people utilizing the company's core social network, therefore Facebook sees a lot of chance with Jio.

Apart from this, last week India's Economic Times revealed that Facebook and Reliance were intending to use WhatsApp and Jio administrations to make a WeChat-style "super-app" for India.

Tencent's WeChat has enormous penetration in China, with in excess of a billion users and numerous independent businesses utilizing it for payments, promotion, and communication. Yet, it is to be noticed this isn't Facebook's first swoop into the Indian market.

Quite a long while ago, it attempted to offer free internet connectivity to Indian users in a program called Free Basics. Yet, that initiative hit a lot of obstacles until it was ultimately banned in the nation by the telecom regulator TRAI, in 2016.

What's more, is that the regulators concluded that businesses couldn't offer free internet services that supported only a few companies over the others. Facebook has been at a disagreement with the Indian government over WhatsApp for quite some time recently.

The government had demanded that WhatsApp change its encryption to trace messages back to their source, which WhatsApp refused to comply with. Simultaneously, regulators have over and over again thwarted WhatsApp's request to offer a payments service to its Indian users.

Here are some of the reaction tweets by people on the Jio-Facebook collab.







A Web Privacy Research Group Discovers Data Breaches In Two Indian Fintech Startups




Data breaches in two Indian fintech start-ups — Credit Fair and Chqbook were recently discovered by a web privacy research group called vpnMentor. While the former start-up has all to deal with online shopping credit to customers the latter is a finance marketplace which associates customers to credit cards, and personal loans providers.

The research group's team found that "both Credit Fair and Chqbook’s entire databases were unprotected and unencrypted. Credit Fair uses a Mongo Database, while Chqbook uses Elastic Search, neither of which were protected with any password or firewall.”

With regards to Chqbook, the research group 'claimed' to have accessed 67 GB of user information including sensitive data, like the user's telephone number, address , email, Credit card number, expiry date, transaction history, plain text passwords, gender, income and employment profile among other fields.

However, Vipul Sharma the founder of Chqbook denied the research group's claim that 67 GB of user data was comprised, rather he said that 'Chqbook does not have that much volume of data.'

In the case of Credit Fair, the research group said it was able to extract 44K user records containing fields, like phone number, detailed information of their loan applications, PAN number, IP address, session tokens, Aadhaar number, and more.

The 'lending company' as of now has still not fixed the issue as per the research group's post of July 31.

This is however not the first case of data breach in Indian start-ups, numerous well-known start-ups across various sectors have experienced at least one situation of data breach. Some recent ones include: Truecaller, Justdial, EarlySalary, Ixigo, FreshMenu, and Zomato.

Hence keeping in mind the ever expanding number of data breaches in the nation, the Indian government has begun observing the situation with a much serious eye that too at a policy level and in July, an high-level panel headed by Justice B.N Srikrishna submitted its recommendations and the draft Personal Data Protection Bill 2018 to IT minister Ravi Shankar Prasad.

Hopefully the Government's stance on requiring every single sensitive information of Indian users to be put away or stored locally to guarantee that the information is easily auditable will be viable this time.

Government of India blocked over 2,100 URLs







The Central Government of India has blocked over 2,100 URLs (Uniform Resource Locators) on social media platforms in the first six months of 2019. 

The Electronics and IT Minister Ravi Shankar Prasad informed the Parliament in a written reply to the Lok Sabha, said that a total of 633, 1,385 and 2,799 URLs were ordered for blocking in 2016, 2017 and 2018, respectively. 

“Section 69A of the Information Technology Act, 2000 empowers Government to block any information generated, transmitted, received, stored or hosted in any computer resource in the interest of sovereignty and integrity of India, defence of India, security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above,” he said.

The Minister said that this action was taken by the government to make social media platforms safer place. 


According to the written statement submitted, Ministry of Electronics and IT (MeitY) and Ministry of Home Affairs (MHA), and various police departments regularly monitor the various social media platform in order to remove the objectionable content.