A recent lapse in security in Reliance Jio’s COVID-19 self-checking tool opened the service’s database to the internet. This meant anyone could have gained access to the database of private information of people who used the tool, without the need for a password. Jio has since pulled down the tool. There is no exact number with respect to how many people accessed the database before their data was compromised online.
The issue was detected first by Anurag Sen, a cybersecurity researcher. Following a report by TechCrunch, the issue was brought to light and Reliance Jio has since pulled down the COVID-19 self-checker tool. “The logging server was for monitoring performance of our website, intended for the limited purpose of people doing a self-check to see if they have any COVID-19 symptoms,” said Jio spokesperson Tushar Pania in a report by the publication.
Watch: Xiaomi MIUI 12: Top 5 features
Rolled out back in March 2020, the Reliance Jio COVID-19 Self-Checker tool helps people asses their symptoms. This lets them get an idea of the possibility of a Coronavirus infection. If the symptoms match or seem similar, users could go get tested. The Self checker features a series of questions. At the end of it, the AI-driven tool can estimate the user’s risk level between low and high.
Reliance Jio COVID-19 self-checker: What data was collected?
The Reliance Jio self-checking tool starts with basic questions first, as the gender and age. This is followed by questions on the user’s health conditions and travel history. One of the questions also asks if the user or a family member has come in contact with a Coronavirus patient.
These questions and their responses were a big part of the Jio database that was compromised. When accessed freely without a password, Sen found millions of logs and records from April 17 until a few days ago, which is when the tool was taken offline. The compromised server was originally meant to monitor Jio’s website performance, logging in errors, and system messages. However, it also contained profiles of users.
These profiles featured a user’s precise geolocation, in case permission for the same was granted by users to the Jio service. As per the report, most of the data came from major cities like Mumbai and Pune, where Coronavirus cases are at a high. Further, data of some users in locations like the UK and in North America were also found.