Using just subscribers' mobile numbers, a flaw in Airtel’s mobile app could have been exploited to access subscribers' sensitive information, including their email, address and device IMEI number, BBC reported. This put the privacy of more than 300 million subscribers in jeopardy. Other information about a subscriber that could have been accessed (ab)using the flaw were users’ name, gender, date of birth, address, subscription information, device capability information for 4G, 3G, GPRS, network information, activation date and user type (prepaid/postpaid). The flaw was discovered by independent security researcher Ehraz Ahmed. Airtel told BBC that the flaw has since been fixed. When contacted, Airtel sent us the following statement: "There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice. Since these were testing APIs, we can now confirm that no data related to our customers has been impacted. Airtel’s digital platforms are highly secure. Customer privacy is of paramount importance to us and we deploy the best of solutions to ensure the security of our digital platforms.” Ahmed told MediaNama, “I usually look for high-risk vulnerabilities in applications that store vast amounts of data, Luckily, I found this in Airtel, and got it fixed before it being exploited.” However, he told us that he wasn’t entirely sure if the flaw had indeed not been exploited before he discovered it, and said that it took him 15 minutes to find the flaw. He discovered the flaw on November 29,…
- Digital India bill to be released post elections: IT Minister Rajeev Chandrasekhar says November 30, 2023
- How Will India’s Draft Broadcasting Services Regulation Bill Impact News Platforms? November 30, 2023
- Video: Briefing on the Impact of Draft Criminal Laws on the Digital Ecosystem November 30, 2023
- How Is Deepfake Regulation Linked To Platform Safe Harbour Provisions? November 30, 2023
- Final Call: Impact of Draft Criminal Laws on the Digital Ecosystem; Nov 30, 3:30 PM November 30, 2023
MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.
Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...
Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...
RBI Deputy Governor Rabi Shankar called for self-regulation in the fintech sector, but here's why we disagree with his stance.
Straw man fallacy: IT Ministers’ defence of government exemptions in data protection law misses the point
Both the IT Minister and the IT Minister of State have chosen to avoid the actual concerns raised, and have instead defended against lesser...
The Central Board of Film Certification found power outside the Cinematograph Act and came to be known as the Censor Board. Are OTT self-regulating...
Please subscribe to MediaNama. Don't share prints and PDFs.
You May Also Like
Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...
135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...
Twitter takes down tweets from MP, MLA, editor criticising handling of pandemic upon government request
By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...