Youth Hacks PM Modi App, Exposes Security Flaws


Mumbai:  After the Twitter accounts of Rahul Gandhi and Indian National Congress were hacked, a Mumbai youth claims to have hacked into PM Modi’s app. Javed Khatri said that he didn’t intend to harm but to reveal a security loophole.

Late on Thursday night, Javed Khatri, who says he is a mobile app developer, reached out to the  Yourstory website, claiming he had hacked into the PM’s app and could access the private data of users, including email ids and even mobile numbers of union ministers. He says it was an exercise to draw attention to the data security risk to over seven million users who have downloaded the app.

In an email which he sent to YourStory, he wrote:

“I am able to access private data of any user on the app. The data includes phone number, email, name, location, interests, last seen etc. I successfully managed to extract the personal phone numbers and email ids of ministers like Smriti Irani.

“Not only that, I can make any user on the platform follow any other user on the platform. This is just the summary of this huge security loophole which I want to report. The privacy of more than seven million users is at stake if this gets ignored.”Javed told YourStory that he did not want to cause any harm but wanted to demonstrate how poor the security of the app is. He even mentioned it was easy for him to hack the app.

Javed shared a couple of screenshots in which he gives proof of the hack being legitimate. The grabs have personal data of Dr Jitendra Singh who is the Minister of State for the Ministry of Development of North Eastern Region, which he accessed via the Narendra Modi app.

Even he can make any user on the platform follow other users. He says he is more concerned with the privacy of more than seven million users is at stake  if the security glitch is ignored.

The story emerged on the website this morning but was removed after two hours. A clarification was posted later.

“The App doesn’t capture any private or sensitive data. App user’s information is stored in an encrypted mode… We would like to thank Mr Javed Khatri for acknowledging that the developers have focused a lot on security. We have since had a constructive engagement and discussed various security measures to further enhance the security features of the App,” Amit Malviya, National Convener, Information & Technology, BJP, told the website.

Javed Khatri works out of a small office in Mumbai’s Ghatkopar area.

Meanwhile, Congress has suspended 200 Twitter accounts of party leaders after its official account and that of its number 2 leader Rahul Gandhi were hacked into and flooded with profanities.