It is important to note that these two apps are aimed at improving device security and preventing cyber attacks on users’ devices.Also, both the apps have been developed by
Affected versions are the IT Ministry’s Centre for Development and Advanced Computing (C-DAC).
Also, if you are unaware, CERT-in is a government body that monitors security flaws, bugs and issues with apps and softwares available across different platforms including Mac, Windows, Android, iOS, Linux, etc and reports them along with the probable cause and solution.
As per the report, the security flaws have been found within the USB Pratirodh version 3.1.2 and prior and AppSamvid version 2.0.1 or older.
Security flaws found in AppSamvid app
CERT-In has reported that two critical vulnerabilities have been found in AppSamvid that could potentially allow attackers to gain unauthorised access and control. The first (CVE-2024-25102) is a sensitive information exposure vulnerability caused by the use of the weaker SHA1 cryptographic algorithm, enabling attackers with local administrative privileges to obtain user passwords.
The second (CVE-2024-25103) is a DLL hijacking vulnerability arising from the use of vulnerable and outdated components, allowing attackers to execute arbitrary code on targeted systems.
These vulnerabilities pose serious risks to the security and integrity of systems running AppSamvid software.
Security flaws found in USB Pratirodh app
USB Pratirodh app has one security flaw that, according to the report, can allow local attackers to take control of the app and also modify the access control of registered users or devices on which the app is installed.
The reason behind the security flaw could be due to the usage of a weaker cryptographic algorithm (hash) SHA1 in the user login component.
What users can do
The government body has advised users to download and install the latest versions of these apps from the respective app stores — Play Store for Andoid and App Store for iPhone and iPads.
That said, updates for both the apps are already available. So, you can download the Upgrade to AppSamvid version 2.0.2 or later and USB Pratirodh version 3.1.3 or later to stay protected from the mentioned security flaws within these apps.