TSCOP app hack exposes chinks in armour of police dept
Hyderabad: The Telangana police experienced another major data breach within weeks following the compromise of HawkEye app. Now, their TSCOP app has also been allegedly infiltrated, exposing personal information of TS police.
As per reports, police-related data is currently available for sale on online forums. The same hacker responsible for the breach of HawkEye is allegedly behind this security lapse. The TSCOP app user data is being sold online for $120. Data security researcher Srinivas Kodali said, “Someone hacked the entire Telangana COPs network including TSCOP, their facial recognition setup.” Kodali further explained that it was easy for the hacker because the software company, WINC IT Services, embedded passwords as plain text inside the TSCOP app, which also connects to the Crime and Criminal Tracking Network & Systems (CCTNS).
In just one week, Telangana police experienced three major data leaks, all attributed to the same hacker: the TSCOP app data leak, the Telangana police SMS service portal breach, and the HawkEye app data leak.
The TSCOP app enables police officers to access crime and criminal databases and match images of people taken during patrols. The state has also built a comprehensive ‘360-degree view of every citizen’ database. Moreover, the app features an integrated facial-recognition system (FRS), allowing police to identify criminals, unknown bodies at crime scenes, or even missing children.
The hacker has posted sample data on forums to entice buyers, showcasing details such as offender records, police gun licenses, and other law enforcement information.
User information, including officer names, police station affiliations, designations, and images, is now available for purchase online, with hundreds of police officers’ details listed as ‘samples’.
Kodali offered some advice to the police, stating, “Telangana police should use a longer password with alphabets, numerals, capitals, and symbols. Also please use HTTPS only.”
Launched in 2018 for internal use by Telangana police, TSCOP was designed to provide instant information to aid in crime-solving and was recognised by the National Crime Records Bureau (NCRB) in 2017 with an award under the ‘Empowering Police with Information Technology’ category.
Recently, a data breach involving the HawkEye app, designed for Telangana police, was reported on BreachForums, a well-known marketplace for stolen data. Threat actors claimed that thousands of emails, phone numbers, SOS calls from women, and other details had been leaked.
Responding to the hacking, Telangana additional director-general (CID) Shikha Goel said, “We have registered a case and are investigating the hacking allegations and suspected breach.”
The HawkEye app, launched by Telangana police in 2014, allows the public to report violations, tip off police, and report crimes against women. It features an SOS button for emergency assistance, requiring users to share personal details like their name, email ID, and mobile number.
A sample of the leaked data included a complaint filed by a woman on the HawkEye app. She detailed how a man, who had promised to marry her, was now threatening her and her family. The data leak exposed her name, mobile number, location, and the date and time of the complaint.