
Critical DigiLocker Vulnerabilities Put 3.8 Crore Users at Risk: Researcher



By Techtonic group

The Indian government's 'DigiLocker' online cloud service reportedly had a critical authentication flaw that could have allowed hackers to access the personal data of 38 million (3.8 crore) users. That's according to cyber-security researcher Ashish Gahlot, who says he discovered the vulnerability while analyzing the platform's authentication mechanism.

In a detailed post on Medium, he claimed that the vulnerability allowed him to intercept the connection and bypass the authentication with just a simple script. According to him: "So we can just write a python script ... and by just knowing the username we can change the password of ANY USER".

As it turns out, the flaw allowed anyone with sufficient skills to change the PIN of someone else's account even without a password. The flaw could also have allowed malicious actors to take over user profiles by bypassing the OTP process: an automated script intercepting the connection between the client device and the DigiLocker server could modify the response.
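The class of bug described above comes down to a server that trusts identity and OTP status supplied by the client. The sketch below is an added illustration, not DigiLocker's code or the researcher's script; every name in it (`USERS`, `SESSIONS`, `reset_pin_flawed`, `reset_pin_hardened`) is hypothetical, and it contrasts that pattern with a handler that takes both from server-side session state.

```python
import hmac
import secrets

# Constructed in-memory stores standing in for a real user database and session store.
USERS = {"alice": {"pin": "1111"}, "bob": {"pin": "2222"}}
SESSIONS = {}  # token -> {"user": str, "otp": str, "otp_verified": bool}

def start_login(username):
    """Create a session and an OTP. The OTP is returned only so the demo runs offline."""
    token = secrets.token_hex(16)
    otp = f"{secrets.randbelow(10**6):06d}"
    SESSIONS[token] = {"user": username, "otp": otp, "otp_verified": False}
    return token, otp

def verify_otp(token, submitted):
    """Record the OTP result on the server; the response body carries no authority."""
    session = SESSIONS.get(token)
    if session and hmac.compare_digest(session["otp"], submitted):
        session["otp_verified"] = True
    return bool(session and session["otp_verified"])

def reset_pin_flawed(request):
    """Flawed pattern: the target account and the OTP outcome both come from the client."""
    if request.get("otp_ok") and request.get("username") in USERS:
        USERS[request["username"]]["pin"] = request["new_pin"]
        return True
    return False

def reset_pin_hardened(token, new_pin):
    """Hardened: account and OTP status are read only from the server-side session."""
    session = SESSIONS.get(token)
    if not session or not session["otp_verified"]:
        return False
    USERS[session["user"]]["pin"] = new_pin
    del SESSIONS[token]  # the verified session is single-use
    return True

if __name__ == "__main__":
    token, otp = start_login("alice")
    print("reset before OTP check:", reset_pin_hardened(token, "9999"))
    print("OTP accepted:", verify_otp(token, otp))
    print("reset after OTP check:", reset_pin_hardened(token, "9999"))
```

In the hardened handler the request never names the account being changed, so a modified response or a guessed username has nothing to act on.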

Thankfully, both flaws are now said to have been fixed. Gahlot says he contacted the DigiLocker team with his findings on May 16th. The OTP loophole was plugged just a couple of days later, on May 18th, while the PIN bypass vulnerability was fixed on June 1st.

The flaws in the DigiLocker system have now been fixed, but the developments still raise more questions about the security of government-run digital platforms in the country. While Aadhaar has suffered multiple security breaches since its inception, the recently open-sourced COVID-19 contact tracing app, Aarogya Setu, also reportedly has severe security loopholes that might jeopardize the privacy of unsuspecting users.
