The surveillance platform built to track COVID-19 patients in India compromised through numerous vulnerabilities
It is necessity in a country like India where the lives of 1.5 billion Indians were at stake due to the coronavirus pandemic. Since Indians are well connected through smartphones (500 million users). The “Surveillance Platform Uttar Pradesh Covid-19”, the software appears to have been built by the regional government of Uttar Pradesh, a state of India. In this software the details of the CoronaVirus infected patient is recorded and tracked.
In a report shared to us by vpnMentor, it was found that “the surveillance platform built to track and trace COVID-19 patients in India has been compromised due to a lack of data security protocols that inadvertently left access to the platform wide open, along with exposing the data of millions of people from across India”
The report says that the first vulnerability of the platform was marked as an unsecured github repository which contained the code for the surveillance platform. Leaving the repository open the researchers also found that it contained “a ‘data dump’ of stored login credentials for its admin dashboard”.
The data dump found by the vpnMentor Team not only included the usernames and passwords for admin accounts but also other sensitive data. Getting further to the research the experts Noam and Ran discovered a data breach that affected the platform. This surveillance platform of Uttar Pradesh’s was exposed through numerous vulnerabilities and it was clear that this was all because of the lack of security provided.
The vpnMentor web scanner on 1st August 2020 detected the open system, on 9th August 2020 the team reviewed and analyzed the Data breach on the surveillance platform and contacted the Israeli embassy in India on 10th of August. Now extacly after a month on September 10th the Data breach was secured. The report also claimed that Uttar Pradesh has recorded over 136,000 confirmed positive cases of COVID-19 which is said to be roughly 5.66% of the total national number of cases in India (2.4 million).
We believe the exposed surveillance platform was built for the Uttar Pradesh Department of Health & Family Welfare and the state’s Directorate General of Medical Education & Training to track as much data as possible relating to individual cases of COVID-19 and its spread across the state. However, in the rush to build and scale the software across Uttar Pradesh, numerous basic security protocols were overlooked.