The Indian Computer Emergency Response Team (CERT-In) has raised concerns about vulnerabilities in two government applications, which could potentially allow hackers to take control of the systems.
Ironically, these two apps, USB Pratirodh and AppSamvid 2.0.1, are designed for cybersecurity purposes. Both applications have been developed by the IT Ministry's Centre for Development and Advanced Computing (C-DAC).
This comes at a time when several Indian government websites, email ids, databases, and overall digital infrastructure are being routinely targeted by threat actors, either in a bid to steal sensitive information, or sell such stolen databases on the dark web for a hefty fee.
"Multiple vulnerabilities have been reported in AppSamvid software which could allow a local authenticated attacker to take control of the application or execute code on the targeted system," CERT-In's vulnerability note from March 4 said.
The CERT-In's alert for USB Pratirodh was also similar.
"A vulnerability has been reported in USB Pratirodh which could allow a local attacker to take control of the application and modify the access control of registered users or devices on the targeted system," the note said.
While USB Pratirodh controls the usage of pen drives, external hard drives and allows only authenticated users to access removable storage media, AppSamvid is an application that allows only "whitelisted" software to run on an operating system.
'AppSamvid and USB Pratirodh were using weak algorithms'
The nodal cybersecurity agency which functions under the IT Ministry also pointed out that the vulnerability in AppSamvid existed due to usage of "weaker cryptographic algorithm" in user login section.
"An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this vulnerability could allow attacker to take complete control of the application on the targeted system," CERT-In said.
USB Pratirodh too has been found to be using weak cryptographic algorthim, CERT-In said. A hacker could have exploited this vulnerability to obtain the password of USB Pratirodh on a targeted system.
"Successful exploitation of this vulnerability could allow the attacker to take control of the application and modify the access control of registered users or devices on the targeted system," it added.
Govt's cybersecurity budget doubled
Moneycontrol previously reported that Pakistan-based intelligence operatives were targeting sensitive Indian installations and departments by sending malicious files through emails.
In its annual report released in November 2023, CERT-In stated that the agency handled 1,391,457 cybersecurity incidents in 2022.
Taking such attacks into cognisance, the Indian government, in the Interim Budget 2024, nearly doubled the allocation for cybersecurity projects from Rs 400 crore in 2023-2024 to Rs 759 crore in 2024-2025
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
