Technology News
  • Home
  • Internet
  • Internet News
  • COVID 19 Surveillance Tool Apparently Used in Uttar Pradesh Exposed Data of Over 80 Lakh People: Researchers

COVID-19 Surveillance Tool Apparently Used in Uttar Pradesh Exposed Data of Over 80 Lakh People: Researchers

Researchers noticed the data breach through the tool called “Surveillance Platform Uttar Pradesh COVID-19” initially on August 1.

By Jagmeet Singh | Updated: 22 September 2020 17:36 IST
COVID-19 Surveillance Tool Apparently Used in Uttar Pradesh Exposed Data of Over 80 Lakh People: Researchers

The COVID-19 surveillance tool was discovered exposing personalising identifiable data of individuals

Highlights
  • Initial vulnerability was found an unsecured git repository
  • The tool exposed names, numbers, and addresses of individuals
  • It included data of non-Indian citizens and foreign residents as well
Advertisement

A COVID-19 surveillance tool that was apparently built by the state government of Uttar Pradesh put the data of 80 lakh citizens at risk, according to a report. The tool was found to have numerous vulnerabilities that all were exposing personally identifiable information data that included full names, ages, genders, resident addresses, and phone numbers of every individual who was tested for COVID-19 in the country's biggest state and its other parts, according to researchers. The data breach got secured on September 10 — over a month after it was first noticed.

Researchers from virtual private network (VPN) service provider VPNMentor noticed the data breach through the tool called “Surveillance Platform Uttar Pradesh COVID-19” on August 1. The surveillance platform was compromised through various vulnerabilities and all of them were pointing to a severe lack of security, the researchers noted in a blog post.

The first vulnerability was found in an unsecured git repository that contained a “data dump” of stored login credentials including usernames and passwords for admin accounts on the platform. Based on the initial discovery, VPNMentor analysts Noam Rotem and Ran Locar discovered an exposed Web index that contained a directory listing of CSV files. Those files listed all known cases of COVID-19 testing in Uttar Pradesh and other parts of India, reaching the amount of over 80 lakh people. There were data such as full names, addresses, and phone numbers along with test results of individuals.

The Web index also included the data of non-Indian citizens and foreign residents. Further, there were lists that had the information about many healthcare workers, according to the discovery.

Researchers mentioned in the blog post that the Web index was accessible without any password and was completely open to the public.

“While the directory listing didn't directly impact Uttar Pradesh's surveillance platform, it severely compromised the safety of the millions of people listed in the CSV files, whose data probably originated from the surveillance platform and other sources,” the researchers said.

After collecting the details from the discovery, the researchers submitted the report to share with the Indian government. The report was forwarded to the country's Computer Emergency Response Team CERT-In on August 27. The team of researchers also reached the UP cybercrime department, though it didn't respond. On September 7, CERT-In was reached out again by the researchers that eventually helped fix the issues, as per the blog post.

“Such malicious actions would have many real-world consequences on the effectiveness of Uttar Pradesh's response and action against coronavirus, potentially causing extreme disruption and chaos,” the researchers noted.

There is no information whether any of the exposed data was compromised by an attacker. However, the researchers at VPNMentor believe that the effect of the vulnerabilities in the surveillance tool could be felt far beyond the authorities working on COVID-19 relief in Uttar Pradesh.

Should the government explain why Chinese apps were banned? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: COVID 19, coronavirus, Uttar Pradesh
Jio Postpaid Plus Announced, Brings Unlimited Voice Calls, Access to Streaming Apps, and More

Related Stories

COVID-19 Surveillance Tool Apparently Used in Uttar Pradesh Exposed Data of Over 80 Lakh People: Researchers
Comment
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. JioCinema Premium Plans With Ad-Free 4K Streaming Announced: See Price
  2. Apple iPhone 15 Receives Price Cut on Flipkart: Here's How Much It Costs
  3. OnePlus 13 Tipped to Feature Same Screen Size as the OnePlus 12
  4. OnePlus Watch 2 Gets a New Nordic Blue Colour Variant: See Price
  5. iQoo Z9 Turbo, iQoo Z9, iQoo Z9x Launched: Check Price, Specifications
  6. Flipkart Upcoming Sale 2024: Check out Next Sale Date and Best Offers
  7. Oppo K12 With 100W Wired SuperVOOC Charging Launched: See Price
  8. Philips 5000 Series Indoor 360-Degree Security Camera Launched in India
  9. These Brands Could Launch the First Snapdragon 8 Gen 4-Powered Phones
  10. WhatsApp May Soon Let You Call Unsaved Contacts Using This Feature
#Latest Stories
  1. Itel T11 Pro TWS Earbuds With ENC, Up to 42-Hour Total Battery Life Debut in India: Price, Specifications
  2. Philips 5000 Series Indoor 360-Degree Security Camera With Offline Recording Launched in India
  3. Apple's Calculator App to Get a Major Upgrade, Could Be Released on the iPad: Report
  4. WhatsApp Now Supports Face Unlock for App Lock on Pixel 8 and Pixel 8 Pro
  5. Threads Is Testing an Automatic Post Archive Feature to Let Users Hide Old Posts
  6. US Seeks 3 Years Prison for Binance Founder Changpeng Zhao
  7. Nothing Phone 1 Gets ChatGPT Integration, RAM Booster, and More With Nothing OS 2.5.5 Update
  8. Hyundai, Kia to Launch First India-Made EVs Next Year
  9. Apple iPhone 15 Price in India Temporarily Cut on Flipkart: Here's How Much It Costs Now
  10. Oppo A3 With 6.67-Inch Display, 50-Megapixel Dual Rear Cameras Listed on TENAA
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »