Advertisements

Wednesday, 4 July 2018

JioMoney app vulnerability said to have exposed users’ Aadhaar details; Reliance Jio denies it

According to an independent security researcher, a vulnerability in Jio's JioWallet app said to have exposed personal data of the users. The Aadhaar numbers were exposed along with details like date of birth, when did they verify SIM card and their JioMoney account MPIN. C.S. Akshay who is an independent security researcher started digging the JioMoney code when the service’s customer support was unable to resolve a grievance. In a Tweet, Akshay said: “Absolutely irritated, I messed with Jio Money with [which] the issue resided and boom, a vulnerability was discovered.” However, he deleted the Tweet on the subject after getting a call from Jio. Though Jio never publicly announced how many users are enrolled on JioMoney, the company encourages all its subscribers to download the entire Jio suite of apps, which includes JioMoney. Jio on the other runs its own payments bank, it has also partnered with many companies including insurance. It also has partnerships with Uber, Sodexo, Snapdeal and Dominos Pizza. It’s unclear if this incident has reached to RBI yet. Interestingly, this isn't the first time Jio has had a vulnerability in its app ecosystem. Back in 2017, Imran Chhimpa figured out a way to auto-fetch Jio users’ details from their phone numbers with a ...