Karthik Iyer | Updated: May 13, 2020
A few days back, an ethical hacker claimed that India’s contact tracing app is super easy to hack. The government, in response, said it’s impossible and the app can’t be hacked. Well, let’s just say that their claims didn’t really age well because the Aarogya Setu app stands hacked right now.
Yes, the app has been hacked by a software engineer from Bangalore. Apparently, it only took him a few hours to get into the app and tear it down. The programmer, who goes by the name Jay, said he was looking for ways to avoid putting the app on his phone. So, he decided to sit down and rip it apart to prove how easy it is to fool it.
“I didn’t like the fact that installing this app is slowly becoming mandatory in India,” said Jay. As he started working on the app at 9 AM, he first managed to bypass the code for registration, thereby eliminating the need to enter his phone number.
He did some more pruning and managed to bypass the page that requested personal information like name, age, gender, travel history, and COVID-19 symptoms too. He even carved his way out of giving the app his permission to access things like GPS and Bluetooth, two things without which the app can’t do much.
And just like that, he managed to install the app without giving away any of his details and he was marked “safe” even though he didn’t give any permission for it to run on his phone. By 1 PM, he was done with it. All this shows just how easy it is to hack your way around the app and effectively anybody with a little knowledge can do it.
And now that we know just how easy it is to fake your COVID-19 status on the app, we wonder if it’s even reliable any more. Anybody could be showing a fake result, which completely defeats the purpose of having it on your phone to begin with.
We are yet to hear anything from the team behind Aarogya Setu, so we’ll update as soon as they come up with a statement.