October 28, 2020


Data exposed after using surveillance app for COVID-19 in UP

UP government built a surveillance app named, “Surveillance Platform Uttar Pradesh COVID-19” during this pandemic for the citizens of Uttar Pradesh but according to a recent report, the data of over eighty lakh people are at high risk. Data like age, sex, address, name, and of course phone numbers were revealed due to this app. People who were tested for coronavirus has all their personal information revealed because of the app. The breached data was finally protected after 30 days when it was first observed.

The breach of information was first observed by a couple of researchers who were using the app on 1st August 2020 and the app was compromising almost several vulnerabilities which lead it to lack the safety and security of personal information and data.

 

 

An indiscreet pothole was first found in an area called data dump where login identifications were stored along with the user’s name and his/her password. Other than that, there was also CSV files’ directory entry.

There was a leakage of information for citizens who were Indian or foreigners. Also, information about healthcare workers was there as well.

The shocking thing was that the platform where it was happening didn’t require any password and anyone from the public can directly access it.

After all the information was gathered regarding unsecured data, the 2 researchers gave their investigation report to the Government of India. It was later given to CERT-in around the end of the month. The report was also shared with the cybercrime division of Uttar Pradesh. During the first week of the month, the computer emergency response team fix the problem along with the 2 researchers.