French hacker Robert Baptiste, who goes by Elliot Alderson on Twitter, has accused the government of the security issues with its contact tracing app, Aarogya Setu. “A security problem has been spotted in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?” the hacker posted on Twitter tagging the official account of the app.
A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?
PS: @RahulGandhi was right
— Elliot Alderson (@fs0c131y) May 5, 2020
In a postscript on his tweet, the hacker added that Rahul Gandhi was right. The Congress MP had called the app a “sophisticated surveillance system” and said it raised “serious data security and privacy concerns”, on May 2 via Twitter. On the same day, Baptiste sent out a tweet saying, “Rahul Gandhi tweeted about the Arogya app. I guess I’m forced to look at it now.”
Baptiste also confirmed that both the Indian Computer Emergency Response Team (CERT-In) and the National Informatics Centre (NIC) got in touch with him 49 minutes after his initial tweet. Sources at Niti Aayog said that they will be releasing an official statement about Baptiste’s concerns soon.
The hacker has been in the news earlier for bringing out loopholes in the Indian government’s mAdhaar app earlier. He found that makers of the app were saving users’ biometric information in a database that could be easily breached. He was also amongst many hackers who breached Telecom Regulatory Authority of India (TRAI) chief R.S. Sharma’s personal information after Sharma put his Aadhaar number on Twitter asking people to show “one concrete example” where harm could be done to him.