French Cybersecurity Analyst Claims He Could Access Details Of Corona-Infected Persons Via The Government-Mandated Aarogya Setu App


A French cybersecurity analyst who goes by the pseudonym 'Elliot Alderson' on Twitter claims he could access details of Corona-infected people via the government-mandated Aarogya Setu app.

Robert Baptiste wrote on Twitter that it was feasible for a remote attacker to know “who is infected, unwell, make a self-assessment in the area of his (attacker’s) choice.” He was able to see “if someone was sick at the PMO office or the Indian Parliament” even with the most recent version of the Covid-19 contact tracing application.

The creators of Aarogya Setu, however, issued a statement in response, dismissing Baptiste's prior claims.

The French cybersecurity analyst asserted that he could gain access to the details of positive cases at a location of his choice. He did not present any evidence in this regard, but promised a point-by-point report on the alleged security flaws.

The official statement released by Aarogya Setu said “no personal information of any user has been proven to be at risk by the French ethical hacker”.

The statement given earlier by the creators of the application said it was feasible for a user to get information for various places by changing the latitude/longitude, which is, in any case, accessible data.

The creators nonetheless insisted that bulk collection of this information was not feasible as “the API call is behind a Web Application Firewall”.

However, all this has given rise to a raging debate on the use of contact tracing applications by governments. Eivor Oborn, Professor of Healthcare Management at Warwick Business School, UK, says: “I think a real breach is made if the professionals are forced to use the app and then are not allowed to discontinue the monitoring after the threshold of the pandemic is over; this to me is a greater concern.”

The professor added that in a democratic nation like India, citizens ought to have transparency with respect to what, when, and how the information is being used. “I think it is good for the governments concerned to tangibly show benefits that accrue from data use,” Prof Oborn stressed.

Nonetheless, the government's chief scientific advisor, Prof K VijayRaghavan, says that the source code of the application will be made open very soon, “India is the only democracy which has made the use of contact tracing app mandatory, so steps should be taken to make the codebase of the app open source, and users should be given the option to delete their data, even from the servers.”


Data Brokerage A Serious Concern?



With the increasing worth and volume of personal data, data brokers have begun to gain a great deal of 'traction' of late, offering to manage and monetize consumers' personal data sets. Drawing on a variety of sources to assemble data, these firms gather consumer data and offer to sell it to other businesses.

The data gathered is typically sold as profiles, which are offered to businesses looking to target individuals for various ad campaigns.

For some people around the world, data brokerage may be a very new term; however, this 'business model' has turned out to be one of the most profitable of this period: it is a $200 Billion industry.

For consumers who want to keep their information from being sold or used by someone else, 43% of the data brokers in the business allow them to 'opt out' for free, while with others they may need to pay a certain amount.

There was a rather shocking incident in India in 2017, when The Economic Times approached a data broker selling personal data while posing as a purchaser. What they found was quite surprising: for just ₹10,000 and ₹15,000, the company was selling personal data of up to 1 lakh citizens in urban areas like Bengaluru, Hyderabad and Delhi.

While there have been many unlawful activities and practices by data brokers, this business is often known to operate within the law. They may get hold of a 'huge amount of data'; in any case, the manner in which they accumulate it does not appear to be illegal in any way.

Having become a genuine concern in the recent years of its rise, data brokerage has come under careful scrutiny, and governments of numerous countries have already begun keeping watch on the operations of these companies.

In any case, the internet is something to be careful about, as one of the common ways of gathering information is collecting openly accessible information, i.e. public data, over the internet, and people there can do things way beyond our imagination.

Personal data of almost a billion people are hacked








Personal data of nearly one billion people have been hacked by a shadowy company that has been untraceable since the incident happened.

The database contains email addresses of around 982 million people. According to researchers, this could be the ‘biggest and most comprehensive email database’ breach ever.

The pieces of information that have been compromised include names, gender, date of birth, employer, details of social media accounts and home addresses.

The database was created by Verifications.io, and it did not have any kind of security measure.

The firm was a marketing company that offered an email validation service to another marketing firm. The service includes authentication of email addresses.

The company took down its website after the leak was uncovered and they have refused requests for a comment on the situation.

The motive behind the hack is not clear as the backers are maintaining their anonymity because of dubious tactics used by them to offer their service. 


Moreover, they have refused to comment on the situation.

Apple Launches Privacy Website; Focus on the Protection of User’s Personal Data





Apple on Wednesday launched a refreshed privacy website, https://www.apple.com/privacy/, updating the minisite to better educate its customers and make them aware of how the company attempts to safeguard users' personal data across all of its products and services.

The privacy minisite covers a variety of areas, offering users as much information as possible about the iPhone maker's approach to handling and securing user information. With the abundance of data stored on an iPhone, iPad, or Mac, Apple is also quick to offer clarifications and explanations to its user base, with the goal of continuing to build trust between the company and the people who purchase its products and services.

The privacy website will advise users on how to protect their information while giving them access to various new ways to understand Apple’s philosophy of privacy as a “fundamental human right” and to manage their data appropriately.

To limit the personal information collected, iOS and macOS devices are now being built to process data locally, gather only purpose-specific data and randomise information to ensure that it isn't identifiable at a granular level. What a considerable number of companies are doing in the cloud using their servers, Apple is now doing on the device, thanks to powerful chips like the A12 Bionic.

The Opening Message on the new site –
“At Apple, we believe privacy is a fundamental human right. And so much of your personal information — information you have a right to keep private — lives on your Apple devices. Your heart rate after a run. Which news stories you read first. Where you bought your last coffee. What websites you visit. Who you call, email, or message. Every Apple product is designed from the ground up to protect that information. And to empower you to choose what you share and with whom.”

On the new website, Apple has once again explained that it requests personal information only when the new “Information and Security” icon appears. All other services where this icon does not appear do not require personal information from users.