Indian contact tracing app allows GPS spoofing and triangulation attacks

Shortly after launch, security researcher Baptiste Robert discovered that India's contact tracing app, Aarogya Setu ("Health Bridge"), allows users to spoof their GPS location, find out how many people reported themselves as infected within any 500-metre radius, and mount a triangulation attack to confirm someone else's suspected positive diagnosis. The app, which was created by the government's National Informatics Centre, uses GPS to track people's movements rather than Bluetooth as many others do; it has been downloaded 90 million times, and is mandatory for many workers.

Source: https://www.wired.com/story/india-covid-19-contract-tracing-app-patient-location-privacy/

Writer: Andy Greenberg
Publication: Wired