This page includes links to news articles and other media documenting my work.
Internet Censorship
While the government and telecom companies drag their feet on bringing transparency on how websites are blocked in India, security and legal researchers are probing ISP networks to figure out some details.
Application Security
A significant chunk of Delhi police’s online infrastructure was accessible without authorisation, and it took seven months for this to be fixed.
A security flaw in the ECI website put at risk not just the electoral roll, but all the other information gathered about voters as well—potentially putting the personal information of every Indian at risk.
“Security researcher finds serious flaw in Aadhaar system” - March 24, 2018 - scroll.in
The private information of all Aadhaar holders is vulnerable because of a state-run utility company, claimed Karan Saini.
“Bug Allows Attackers to Bypass Uber’s 2FA” - January 23, 2018 - trendmicro.com
In a security-related incident, a security researcher discovered a bug that allows an attacker to bypass the Uber app’s two-factor authentication (2FA) feature.
Internet and Telecommunications Security
“ACT User Addresses Could Have Been Revealed by Security Flaw” - August 25, 2020 - gadgets.ndtv.com
The flaw was found by a security researcher and has now been resolved by the company.
“You Should Be Worried If You’re An ACT Broadband User” - January 8, 2020 - huffpost.com
A security issue in one of India’s fastest growing broadband providers means that an attacker could use your broadband connection, steal your credentials, and monitor your Internet activity.
“Xfinity website bug revealed home addresses and Wi-Fi passwords” - May 22, 2018 - engadget.com
This week, ZDNet reported that a Comcast website used to activate Xfinity routers was leaking personal data, including a person’s home address, the name of the Wi-Fi network and password.
“Bug reportedly exposed T-Mobile customers’ personal data” - October 10, 2017 - cnet.com
Website flaw allowed access to a customer’s data by guessing their phone number, Motherboard reports.