Skip to main content

Sphero Indi Is a Tiny Robotic Car That Helps Children Learn Programming

Post a Comment

Critical DigiLocker Vulnerabilities Put 3.8 Crore Users at Risk: Researcher


Critical DigiLocker Vulnerabilities Put 3.8 Crore Users at Risk: Researcher

By Techtonic group

The Indian government's 'DigiLocker' online cloud service reportedly had a critical authentication flaw that could have potentially allowed hackers to access personal data of 38 million (3.8 crore) users. That's according to cyber-security researcher, Ashish Gahlot, who says he discovered the vulnerability while analyzing its platform's authentication mechanism.

In a detailed post on Medium, he claimed that the vulnerability allowed him to intercept the connection and bypass the authentication with just a simple script. According to him: "So we can just write a python script ... and by just knowing the username we can change the password of ANY USER".

As it turns out, the flaw allowed anyone with sufficient skills to change the PIN of someone else's account even without a password. The flaw could also have potentially allowed malicious actors to take over user profiles by bypassing the OTP process and modifying the response using an automated script to intercept the connection between the client device and the DigiLocker server.

Thankfully, both the flaws are now said to have been fixed. Gahlot says he contacted the DigiLocker team with his findings on May 16th. While the OTP loophole was plugged just a couple of days later on May 18th, the PIN bypass vulnerability was fixed on June 1st.

The flaws in the DigiLocker system have now been fixed, but the developments still raise more questions about the security of government-run digital platforms in the country. While Aadhaar has suffered multiple security breaches since its inception, the recently open sourced COVID-19 contact tracing app, Aarogya Setu, also reportedly has severe security loopholes that might jeopardize the privacy of unsuspecting users.

Labels:

Comments

Post a Comment

Popular posts from this blog

Instagram Parteners with Swiggy, Zomato to Let Resturant Add 'Food Order' Stickers in Stories

Instagram Parteners with Swiggy, Zomato to Let Resturant Add 'Food Order' Stickers in Stories By Techtonic group Instagram recently gave users the option to promote small (and local) businesses by placing a sticker in their Stories. Now, the company has partnered with two of India's renowned food delivery apps -  Swiggy and Zomato  - to bring a similar feature to the restaurant owners. It has debuted a new  'Food Order' sticker  that restaurants can include in their Stories to drive sales. The Coronavirus-led lockdown saw almost all restaurants and eateries shut shop for several days. And even when they opened, netizens have been wary to eat outside or order in due to hygiene concerns. Well, as restaurants open up in line with the WHO safety guidelines, they can now head to Instagram to find a new 'Food Orders' sticker in the Stories section. This new sticker is interactive and will  enable users to place food orders  simply by tapping on the sa...
Post a Comment
Read more

Apple Slams Tile After Being Accused of Violating EU Antitrust Laws

Apple Slams Tile After Being Accused of Violating EU Antitrust Laws By Techtonic group In a move that could further compound Apple's regulatory problems in Europe, the company is now facing allegations of monopolistic trade practices from fellow Silicon Valley tech firm,  Tile . In a letter sent to European competition commissioner, Margrethe Vestager, this week, Tile said that Apple was making it difficult for users to use its product with iPhones. According to the complaint, the Cupertino giant is favoring its own 'FindMy' application in violation of the region's antitrust regulations by selectively disabling features of the Tile tracking app. Apple's actions, the complaint alleges, are aimed at preventing the Tile app from working seamlessly with iPhones and iPads. The allegations come at a time when Apple is expected to launch  its own Tile-like tracking devices , expected to be called  Apple Tags . According to Tile's lawyer, Kirsten Daru, the ...
Post a Comment
Read more

Xiaomi Mi True Wireless Earphones 2 To Launch Alongside Mi 10 on 8th May in India

Xiaomi Mi True Wireless Earphones 2 To Launch Alongside Mi 10 on 8th May in India By Techtonic group After multiple delays due to the nationwide lockdown, Xiaomi yesterday  announced  that its latest flagship smartphone - Mi 10 will launch in India on 8th May later this week. Now, the Chinese giant has taken to Twitter to reveal that it won't be the only product launching that day. Xiaomi uploaded a teaser video on Twitter just moments ago and it  reveals that the Mi True Wireless Earphones 2 will launch in India  alongside the Mi 10. The company first launched its truly wireless earbuds in China back in September last year, followed by a global launch in Europe in March earlier this year. Mi India ✔ @XiaomiIndia We love the wireless world. Mi fans, we're launching one more product you all have been waiting for, along with # Mi10 on May 8th. Leave your guesses in the comments.  RT if you #wirelessfreedom ...
2 comments
Read more