scorecardresearch
Follow Us:
Tuesday, June 02, 2020

Security lapse in Reliance Jio’s coronavirus symptom checker exposed user data: Report

There has been a security lapse at Reliance Jio’s end which exposed one of its symptom checker’s core databases to the internet without a password.

By: Tech Desk | New Delhi | Updated: May 4, 2020 12:17:40 pm
jio symptom checker, jio data leak, jio coronavirus symptom checker data leak, jio symptom checker data leak, jio, coronavirus symptom, covid19 Jio’s symptom checker database leaked online. (Image: Reuters)

After the Indian government imposed a nationwide lockdown to contain the spread of the coronavirus, Reliance Jio, like some other private companies, launched its own COVID-19 self-test symptom checker. However, there has been a security lapse from Jio’s end which exposed one of its symptom checker’s core databases to the internet without a password, reported TechCrunch.

Ever since the start of the coronavirus pandemic, we’ve seen a number of apps developed by government and private companies that aim to help users identify COVID-19 symptoms. Jio had also rolled out such a feature on its website and via its MyJio app.

The publication learned about the exposed database from security researcher Anurag Sen who found it on May 1, 2020. It contained millions of logs and records starting April 17. As per the report, the server contained a running log of website error and other system messages as well as user-generated self-test data.

This data includes a record of who took the test—such as self or relative, their gender, and their age along with a small snippet of information about the user’s browser version and the operating system. The database also carried individual records of those who signed up to create a profile as well as records contained the answers to each question asked by the symptom checker, the report said.

Also read | Jio, Facebook giving free 25GB daily data for 6-months? Beware, it’s a new COVID-19 scam

Making a profile helped users to update their symptoms over time and the questions asked by the symptom checker included queries like what symptoms they are experiencing, who they have been in contact with, and what health conditions they may have.

According to the report, some records also carried precise location of the users, which probably belong to people who granted the symptom checker access to their browser or phone’s location data.

Express Tech is now on Telegram. Click here to join our channel (@expresstechnology) and stay updated with the latest tech news

Reliance Jio was notified of the issue after which it pulled the system offline. Jio spokesperson Tushar Pania told the publication that they have taken immediate action. “The logging server was for monitoring performance of our website, intended for the limited purpose of people doing a self-check to see if they have any COVID-19 symptoms,” he told TechCrunch.

However, Pania did not clarify if Jio will inform symptom-checker users affected by this security breach or not.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Technology News, download Indian Express App.

Advertisement
Advertisement
Advertisement
Advertisement