Are Indian IT and tech companies compromising on user data security? Recent findings by a French security expert who goes by the pseudonym 'Elliot Alderson' have heightened fears and sent shivers down the spines of users and companies alike. Alderson has been exposing bugs, flaws and loopholes in the security of Indian companies.
Alderson has not restricted himself to private companies; he has also challenged the Indian government's prestigious Aadhaar, or the UIDAI, and India Post. For instance, Alderson reported that around 20,000 Aadhaar cards can be found publicly on the web. He also pointed out that the UIDAI and Khosla Labs, a licensed Authentication User Agency (AUA), are putting user data at risk.
UIDAI’s Application Programming Interface (API) is publicly available on the web and can be reached through AUAs like Aadhaar Bridge, which is managed by the companies Khosla Labs and Quagga Tech. He described the UIDAI’s app development as a ‘school project’ with copy-paste work.
Through his relentless tweets, Alderson also pointed out that medical records of children with cancer can be found publicly.
Recently, Alderson also pointed out a possible security breach on an Indian Post Office subdomain, http://digitization.indiapost.gov.in. He said that the subdomain is vulnerable to an Apache vulnerability, CVE-2017-5638.
Lastly, UIDAI's reaction to the allegations was not positive, and it did not accept any of the accusations made by Alderson. Furthermore, Alderson also found security flaws in the websites of Mumbai University and Allahabad University.