The Ministry of Electronics and Information Technology (MeitY) Wednesday said it would take legal action against a company which had published an article allegedly detailing the security vulnerabilities in the Aarogya Setu app. The company, Security Brigade, was a part of a team engaged in the code review process of the app, MeitY said, adding they had made “various malicious, nefarious and unsubstantiated claims on security issues in Aarogya Setu app”.
“They were given access as an internal review arrangement and have misused the information shared with them in that capacity. It is absolutely unethical of them to have resorted to this blatantly unprofessional activity,” the Ministry said in statement shared late night on Wednesday.
Security Brigade, a UK based company, is a CERT-In empanelled agency which does cybersecurity audits. It had on its website published an article detailing alleged security vulnerabilities in Aarogya Setu app and how they had got access to user name, password and other details for the official Aarogya Setu GitHub account.
In a detailed article, the company had written that they had downloaded the source code of the app within a few minutes and that the involvement of private companies was a threat to the data of Aarogya Setu users.
The article was taken down a few minutes after the MeitY issued the statement in which it said it would take legal action against the company.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines