Friday, 2 December 2016

Posted at 23:35 by admin

It was not just the Twitter accounts and emails of Rahul Gandhi and the Indian National Congress that were hacked; Prime Minister Narendra Modi’s famed app also faced a serious security breach. Only this time there were no obscenities posted; it was an attempt by a young hacker to point out the risk to data security.

Javed Khatri, a 22-year-old who says he is a mobile app developer from Mumbai, contacted yourstory.com over email claiming he had hacked the Narendra Modi app. It took only 15-20 minutes to hack the app, the young tech wiz told the site, hastening to add that there were several layers of security but also some loopholes that he easily got through.

The content the young hacker was able to access shows how serious the breach would have been had it been carried out by persons, organisations or other governments with mala fide intent.


“I am able to access private data of any user on the app. The data includes phone number, email, name, location, interests, last seen etc. I successfully managed to extract the personal phone numbers and email ids of ministers like Smriti Irani. Please find attached the screenshot,” Khatri was quoted as saying in his email.

“Not only that, I can make any user on the platform follow any other user on the platform. This is just the summary of this huge security loophole which I want to report. The privacy of more than seven million users is at stake if this gets ignored,” he was quoted as saying by yourstory.com.

Speaking to the website in an interview, which has since been pulled down, Khatri says he would like to go on record that his intent was not to cause any damage but to get the government and the stakeholders to pay attention to the risk to the personal data of 7 million users due to the app’s lack of security.

Khatri says he researches security loopholes in his free time and has cracked through several apps and sites.

In this screenshot, which has been taken from an archived page of yourstory.com, one can see that the contact number of Jitendra Singh, Minister of State for Development of North Eastern Region, Prime Minister Office, is exposed (it has been blurred in the image to protect the data). This data cannot be accessed normally via the app.

Javed tells the site that more than 90 per cent of apps are hackable because the code of the app is not properly obfuscated. Yourstory.com staff then tested Javed’s claims by signing up on the app, and sure enough Javed was able to access the personal details of the person who had signed up.

Yourstory later seems to have pulled down the page. The Firstpost.com article about Javed Khatri’s interview with yourstory was also pulled down soon after it was published.

Khatri even put out a tweet tagging @narendramodi_in, the personal account of the Narendra Modi website (narendramodi.in) and the Narendra Modi mobile app. Several Twitter users retweeted screenshots of the Yourstory interview.
