Five in the PMO and two at Army HQ unwell on Tuesday, says ethical hacker from Europe
The French ethical hacker using the pseudonym Eliot Alderson was able to hack into the Aarogya Setu app on Tuesday and find out how many people were reporting symptoms, who they were and where they were.
“If you love your country @SetuAarogya, publish the source code,” said the French ethical hacker Eliot Alderson (pseudonym) on Wednesday after suggesting that the app had a security issue, which was denied by the Government and the Aarogya Setu team.
Alderson claimed that after he shared the issue with the Aarogya Setu team, the latter had “quietly” fixed the issue before releasing a statement late on Tuesday saying that there was no issue with the app.
On Wednesday Alderson promised to write a technical report on the app and tweeted:
“I don't know why people are still asking what were the issues, everything is already public:
1) In the previous version of the app, an attacker was able to get the content of any internal file of the app, local database included.
2) Yesterday, an attacker was able to know who is infected, unwell and made a self-assessment in the area of his choice.
3) Basically, I was able to see if someone was sick at the PMO office or the Indian parliament. I was able to see if someone was sick in a specific house if I wanted.
These are the issues.
And yes, yesterday:
* 5 people felt unwell at the PMO office
* 2 unwell at the Indian Army Headquarters
* 1 infected person at the Indian Parliament
* 3 infected at the Home Office
Should I continue?”
Earlier, Alderson had addressed another message to the Aarogya Setu team:
“The source code of @SetuAarogya needs to be open source. When you ask (force) people to install an app, they have the right to know what the app is really doing. If you love your country @SetuAarogya, publish the source code.
Singapore did it.
Israel did it.
Iceland did it.
DP^3T, the contact tracing protocol, did it.
Your turn @SetuAarogya”