CERT-In flags security vulnerabilities in two government apps

With growing concern over cyber threats in India, the central government had launched USB Pratirodh and AppSamvid 2.0.1 apps in 2020 and 2021, respectively.

Both apps were developed by the Centre for Development and Advanced Computing (C-DAC), an autonomous agency under the Ministry of Electronics and Information Technology ( MeiTY ).

USB Pratirodh app is a scanner app for removable storage devices such as pen drives, external hard drives, cell phones and other supported USB mass storage devices connected to PCs

AppSamvid 2.0.1 app is used to check if the software running on a computer is genuine or fake.

Both are free software apps and can help users with the early detection of any trojans or malware in a PC or mass storage device. But, a new report has emerged that the apps have security vulnerabilities.

Indian Computer Emergency Response Team ( CERT-In ) has warned that the flawed and outdated algorithm on AppSamvid 2.0.1 and USB Pratirodh apps can enable bad actors to take over computers.

.EPFO, telecom user details dumped on GitHub, CERT-In to investigate data leak: report . USB Pratirodh and App Samvid software have a weak cryptographic algorithm (hash) SHA1 in the user login component. A local attacker with administrative privileges can exploit this vulnerability to obtain the app's password on the targeted system and modify control of the registered users or devices on the targeted system.

There is one more Dynamic Link Library (DLL) hijacking vulnerability in App Samvid software.

If this issue is not fixed, "an attacker with local administrative privileges can execute arbitrary code and take over the targeted system," CERT-In noted.

Vulnerabilites in USB Pratirodh and App Samvid apps were first detected by Prajyot Chemburkar (Payatu Security Consulting Pvt. Ltd. India) and Mukun Kedia, respectively.

CERT-In flagged the vulnerabilities detected in the apps with C-DAC. The latter has rolled out new updates to the two apps. Users are advised to upgrade to the latest versions-- AppSamvid v2.0.2 and USB Pratirodh v3.0.3.

.VajraSpy malware: Several espionage apps detected on Google Play Store. Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech .

CERT-In flags security vulnerabilities in two government apps

Follow us on :

Follow Us